Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
03/13/2014 11:24:51 AM (11 years ago)
Author:
boonebgorges
Message:

Don't use mysql_real_escape_string() in BP_Signup

This causes problems on PHP 5.5+, where the mysql_* functions have been
deprecated.

See #5374

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-classes.php

    r8119 r8121  
    151151            // Search terms
    152152            if ( ! empty( $r['usersearch'] ) ) {
    153                 $search_terms_clean = mysql_real_escape_string( mysql_real_escape_string( $r['usersearch'] ) );
     153                $search_terms_clean = esc_sql( esc_sql( $r['usersearch'] ) );
    154154                $search_terms_clean = like_escape( $search_terms_clean );
    155155                $sql['where'][] = "( user_login LIKE '%" . $search_terms_clean . "%' OR user_email LIKE '%" . $search_terms_clean . "%' OR meta LIKE '%" . $search_terms_clean . "%' )";
Note: See TracChangeset for help on using the changeset viewer.