mysql_real_escape

  • The two instances of mysql_real_escape in ip-based-login.php seems to cause some trouble.

    Solved by rewriting the sanitize_variables function to this:

    function sanitize_variables($variables = array()){
    global $wpdb;
    if(is_array($variables)){
    foreach($variables as $k => $v){
    $variables[$k] = trim($v);
    $variables[$k] = escapeshellcmd($v);
    $variables[$k] = $wpdb->_real_escape($v);
    }
    }else{
    $variables = $wpdb->_real_escape(escapeshellcmd(trim($variables)));
    }

    return $variables;
    }

    https://www.ads-software.com/plugins/ip-based-login/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author brijeshk89

    (@brijeshk89)

    Hi,

    Can you please let us know what issue did you face exactly so that we can replicate the issue and make the required changes in the next version.

    Thread Starter wegeberg

    (@wegeberg)

    I can not recreate the problem now on my local test-server, but the problem was that the IP Based Login preferences page did not load.
    As far as I remeber, it throwed an error regarding missing argument for mysql_real_escape_string.
    The sanitize_variables function didn’t have access to the wpdb object.

    That’s why i inserted the line:
    global $wpdb;
    and then switched the mysql_real_escape_string commands to $wpdb->_real_escape. Using the real_escape method from $wpdb.

    When I did that, the error disappeared.
    Hope this is of some help to you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘mysql_real_escape’ is closed to new replies.