php - Wordpress WPDB and Mysql strange behaviour -


i using $wpdb , following part of codes calls $wpdb->update.

this code works if it's normal email@domain.com, when if users use + sign in username, e.g. email+something@domain.com, wpdb doesn't read + sign

below variables $_get i'm putting in values readability.

$open_email = 'something+addition@gmail.com'; $open_key = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5'; $open_time = time();  if (strlen($open_key) == 40) {     $status_update = $wpdb->update('status',              array(                 'invite_status' => 'opened',                 'open_time' => $open_time                 ),             array(                 'invite_email' => $open_email,                 'invite_token' => $open_key                 ),             array(                 '%s',                 '%d'                 ),             array(                 '%s',                 '%s'                 )                 ); } 

var dump of $wpdb->last_query , $wpdb->last_error returns followings.

string(235) "update status set invite_status = 'opened', open_time = 1461103507 invite_email = 'something addition@gmail.com' , rating_invite_token = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5'"

i notice above part in error, highlighted in bold, plus (+) sign gone , left space, causing above statement not update.

may know missing out anything?

update: asking because users of gmails use + sign categorise emails, username+anything@gmail.com still goes username@gmail.com

if there's sanitisation supposed do, miss out, please guide me well. presume $_get data should have been sanitised.

it isn't wpdb or mysql that's removing plus.

under hood, when call update that, wordpress passing data through mysqli_real_escape_string() , nothing else.

since mentioned data coming query string $_get, + being removed before query because being unescaped , + being translated space.

you can check with:

$open_email = $_get['email']; var_dump($open_email); 

and see result is.

to plus back, should safe following after sanitzation , unescaping:

$open_email = str_replace(' ', '+', $open_email); 

Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -