Changeset 968018
- Timestamp:
- 08/19/2014 04:13:10 AM (12 years ago)
- File:
-
- 1 edited
-
sql-table-lookup/trunk/readme.txt (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
sql-table-lookup/trunk/readme.txt
r968016 r968018 10 10 11 11 [sql query="SELECT a FROM b WHERE c='d';"] 12 12 13 [sql]SELECT a FROM b WHERE c='d';[/sql] 14 13 15 [sql table="b" unique_lookup_field="c" lookup_value="d" return_field="a"] 14 16 15 If a table or column name has a space or other unusual character in it, wrap it in `backticks`. If a value contains a space or other unusual characters, wrap it in 'single quotes'. 17 If a table or column name has a space or other unusual character in it, wrap it in \`backticks\`. If a value contains a 18 space or other unusual characters, wrap it in 'single quotes'. 16 19 17 20 While I've taken considerable effort to prevent SQL injection attacks by escaping all other dangerous characters with esc_sql (which uses mysql_real_escape_string/mysqli_real_escape_string and addslashes), I would advise against using this plugin on a site that accepts any kind of posts or comments from untrusted sources.
Note: See TracChangeset
for help on using the changeset viewer.