From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 21 Sep 2021 15:39:14 +0000 (+0200)
Subject: Deprecate the escapeString() helper (#4506)
X-Git-Tag: 5.5.0_Alpha_1~429
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=270ed434d4dc8a44862b38715b826f63943bfcb0;p=GitHub%2FWoltLab%2FWCF.git

Deprecate the escapeString() helper (#4506)

Developers are strongly encouraged to use prepared statements. If this is not
possible for compatibility reasons, they should use the `->escapeString()`
method directly.

Deprecating the helper ultimately allows cleaning up core.functions.php which
has become a dumping ground for all type of stuff over time.

Co-authored-by: Alexander Ebert <ebert@woltlab.com>
---

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index f98bb53f37..9212eed50e 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -18,11 +18,7 @@ namespace {
 	spl_autoload_register([WCF::class, 'autoload']);
 	
 	/**
-	 * Escapes a string for use in sql query.
-	 * 
-	 * @see	\wcf\system\database\Database::escapeString()
-	 * @param	string		$string
-	 * @return	string
+	 * @deprecated 5.5 Use prepared statements if possible. Directly call WCF::getDB()->escapeString() if prepared statements cannot be used.
 	 */
 	function escapeString($string) {
 		return WCF::getDB()->escapeString($string);