View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0032704||mantisbt||code cleanup||public||2023-06-06 11:58||2023-10-31 16:32|
|Target Version||2.26.0||Fixed in Version||2.26.0|
|Summary||0032704: Remove deprecated function db_prepare_string()|
This function has been deprecated for ages, and is no longer useful now that we are consistently using parameterized queries.
There are 2 occurrences left in the code base, which should be removed.
This may impact 3rd party plugins.
Their authors should refactor their code to use parameterized queries so escaping strings is no longer necessary.
|Tags||No tags attached.|
MantisBT: master f624e424
|Remove deprecated db_prepare_string() function
It was used in:
- user_set_fields() to escape the field names when building the SQL
query to update the user data. This function is normally only used
internally, so $p_fields array can be considered as trusted input.
- file_move_bug_attachments() to escape the file path, which is not
necessary (parameterized query)
|mod - core/database_api.php||Diff File|
|mod - core/file_api.php||Diff File|
|mod - core/user_api.php||Diff File|