php - WordPress WPDB and MySQL strange behaviour
I am using $wpdb, and the following part of the code calls $wpdb->update.
This code works if it's a normal email@domain.com, but if users use a + sign in the username, e.g. email+something@domain.com, wpdb doesn't read the + sign.
The variables below come from $_GET; I'm putting in the values here for readability.
$open_email = 'something+addition@gmail.com';
$open_key = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5';
$open_time = time();
if (strlen($open_key) == 40) {
    $status_update = $wpdb->update('status',
        array(
            'invite_status' => 'opened',
            'open_time' => $open_time
        ),
        array(
            'invite_email' => $open_email,
            'invite_token' => $open_key
        ),
        array( '%s', '%d' ),
        array( '%s', '%s' )
    );
}
A var_dump of $wpdb->last_query and $wpdb->last_error returns the following.
string(235) "update status set invite_status = 'opened', open_time = 1461103507 invite_email = 'something addition@gmail.com' , rating_invite_token = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5'"
I notice in the part above, highlighted in bold, that the plus (+) sign is gone and a space is left, causing the above statement not to update.
May I know if I'm missing out anything?
Update: I'm asking because Gmail users use the + sign to categorise emails; username+anything@gmail.com still goes to username@gmail.com.
If there's sanitisation I'm supposed to do and missed out, please guide me as well. I presume $_GET data should have been sanitised.
It isn't wpdb or MySQL that's removing the plus.
Under the hood, when you call update like that, WordPress is passing the data through mysqli_real_escape_string(), and nothing else.
Since you mentioned the data is coming from the query string via $_GET, the + is being removed before the query, because it is being unescaped and the + is being translated to a space.
You can check with:
$open_email = $_GET['email'];
var_dump($open_email);
and see what the result is.
To put the plus back, it should be safe to do the following after sanitization and unescaping:
$open_email = str_replace(' ', '+', $open_email);
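The decoding described in the answer can be reproduced without WordPress. The following is an added example, not code from the original post: it builds the invite link's query string with and without encoding and validates what the receiving script would see. The address, the token and the read_invite() helper are constructed for illustration.

```php
<?php
// Added example. All values are constructed; no WordPress install is needed.
$email = 'something+addition@gmail.com';   // constructed sample address
$token = str_repeat('a', 40);              // constructed placeholder token

// Sender side, broken: the address is concatenated into the URL as-is, so the
// query string carries a bare "+".
$bad_query = 'email=' . $email . '&key=' . $token;

// Sender side, fixed: http_build_query() percent-encodes each value, so "+"
// travels as %2B and survives decoding.
$good_query = http_build_query(['email' => $email, 'key' => $token]);

// Receiver side: validate before the values reach $wpdb->update(). A decoded
// address containing a space fails FILTER_VALIDATE_EMAIL, which makes a badly
// built link visible instead of producing an UPDATE that matches no row.
// Assumption: the token is 40 lowercase hex characters, as in the question.
function read_invite(array $get): ?array
{
    $email = filter_var($get['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $key   = $get['key'] ?? '';
    if ($email === false || !is_string($key)
        || !preg_match('/\A[0-9a-f]{40}\z/', $key)) {
        return null;
    }
    return ['invite_email' => $email, 'invite_token' => $key];
}

// parse_str() applies the same URL decoding PHP uses to fill $_GET.
foreach (['bad' => $bad_query, 'good' => $good_query] as $label => $query) {
    parse_str($query, $get);
    echo $label, ': ', $query, PHP_EOL;
    var_dump($get['email'], read_invite($get));
}
```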