View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0032704 | mantisbt | code cleanup | public | 2023-06-06 11:58 | 2023-06-12 10:57 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | resolved | Resolution | fixed | ||
Target Version | 2.26.0 | Fixed in Version | 2.26.0 | ||
Summary | 0032704: Remove deprecated function db_prepare_string() | ||||
Description | This function has been deprecated for ages, and is no longer useful now that we are consistently using parameterized queries. There are 2 occurrences left in the code base, which should be removed. | ||||
Additional Information | This may impact 3rd party plugins. Their authors should refactor their code to use parameterized queries so escaping strings is no longer necessary. | ||||
Tags | No tags attached. | ||||
MantisBT: master f624e424 2023-05-28 12:44 Details Diff |
Remove deprecated db_prepare_string() function

It was used in:
- user_set_fields() to escape the field names when building the SQL query to update the user data. This function is normally only used internally, so $p_fields array can be considered as trusted input.
- file_move_bug_attachments() to escape the file path, which is not necessary (parameterized query)

Fixes 0032704
Affected Issues 0032704 |
mod - core/database_api.php | Diff File | ||
mod - core/file_api.php | Diff File | ||
mod - core/user_api.php | Diff File |
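
The refactoring the issue asks of plugin authors, shown as an added example (not MantisBT code and not taken from the commit): values are bound as query parameters, while column names, which cannot be bound, are checked against a fixed allow-list. It uses PDO with in-memory SQLite; `update_user_fields()`, `ALLOWED_USER_FIELDS`, the table layout and the sample row are hypothetical.

```php
<?php
// Added example: hypothetical helper, not part of MantisBT.
// Values are always bound as parameters. Identifiers (column names) cannot be
// bound, so they are only accepted if they appear in a fixed allow-list.

const ALLOWED_USER_FIELDS = ['realname', 'email', 'enabled']; // assumed column set

function update_user_fields(PDO $db, int $user_id, array $fields): int {
    if ($fields === []) {
        return 0; // nothing to update
    }
    $set = [];
    $params = [];
    foreach ($fields as $name => $value) {
        // Strict comparison: integer keys and near-matches are rejected too
        if (!in_array($name, ALLOWED_USER_FIELDS, true)) {
            throw new InvalidArgumentException("Unknown field: $name");
        }
        $set[] = "$name = ?";   // safe: $name is one of the constants above
        $params[] = $value;     // never concatenated into the SQL text
    }
    $params[] = $user_id;
    $sql = 'UPDATE user_table SET ' . implode(', ', $set) . ' WHERE id = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_table (id INTEGER PRIMARY KEY, realname TEXT, email TEXT, enabled INTEGER)');
$db->exec("INSERT INTO user_table VALUES (1, 'Alice', 'alice@example.com', 1)");

// A value containing quotes is stored verbatim, with no escaping step
update_user_fields($db, 1, ['realname' => "O'Brien \"Al\""]);
echo $db->query('SELECT realname FROM user_table WHERE id = 1')->fetchColumn(), "\n";

// A key that is not an allowed column never reaches the SQL text
try {
    update_user_fields($db, 1, ["realname = 'x', enabled" => 0]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```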