Re: [PHP-DEV] is_literal() + WordPress

March 23, 2020 00:08 mike@newclarity.net (Mike Schinkel)
> On Mar 22, 2020, at 7:14 PM, Craig Francis <craig@craigfrancis.co.uk> wrote:
>
> On Sun, 22 Mar 2020 at 19:11, Mike Schinkel <mike@newclarity.net> wrote:
>> IMO getting that in WordPress core is highly unlikely
>
> Good point, like all systems, WordPress will need to consider older versions of PHP.
>
> But, because this is a new function, they can avoid that issue by using `function_exists()`, as in...
>
> if (function_exists('is_literal') && !is_literal($sql)) {
>     trigger_error('This is an unsafe $query, please use $wpdb->prepare()', E_USER_NOTICE);
> }

True....

> This would be a pretty easy way for WordPress to show they take security seriously, and helping developers to avoid these "all too common" mistakes.
>
> But I do appreciate how much effort it can be to introduce anything in to WordPress :-)

....but I will let you be the one to champion that cause given how much effort not being a core developer and getting anything added to WordPress it is. :-)

-Mike