You are viewing an old revision of this post, from May 23, 2014 @ 10:26:15.

How to fix ‘Notice: wpdb::escape is deprecated since version 3.6!’

The Cause:

The error occurs because a function used to “escape” strings before they are stored in the database has been deprecated. Escaping is the process of removing characters that can lead to SQL injection and XSS. The existing escape() function was deprecated in WordPress v3.6 RC2 and missed the previous releases, and so may have gone unnoticed. The reason for this deprecation was security related, so it could not be avoided. The wpdb::escape() function (found in wp-includes/wp-db.php) has been replaced with the newer esc_sql() function.

The Fix:

First of all, don't search for the wrong line of code, wpdb::escape. The string to look for is $wpdb->escape. In the short-term, you can fix the problem yourself.

1. Fix the Theme or Plugins Manually (Recommended)

This is the longest but also the recommended option. You basically have to manually go through all your plugins or themes to look for references to $wpdb->escape or $this->wpdb->escape and replace all instances with esc_sql. It’s a straightforward find-and-replace, but it just means going through a lot of files. If you’re on Linux or Mac, you can use the following command line in your WordPress directory to quickly see which files need to be updated:

[php]
# Go to wp-content folder
cd /path/to/wordpress/wp-content
# Find all files that have wpdb->escape
grep -ri 'wpdb->escape' *
[/php]

Running the command in terminal will give you a list of files that are affected. Simply replace $wpdb->escape with esc_sql.
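The search string above also matches $wpdb->escape_by_ref(), which is not the deprecated call, and a blind text replace would turn it into a non-existent esc_sql_by_ref(). The script below is an added example, not part of the original post: it matches only the deprecated call form and rewrites it in place. The function names and the sample plugin file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample file contents are constructed.

# Matches "$wpdb->escape(" and "$this->wpdb->escape(" only. A plain
# 'wpdb->escape' search also hits escape_by_ref(), which is not deprecated.
DEPRECATED_RE='\$(this->)?wpdb->escape[[:space:]]*\('

# Print file:line:text for each line holding a deprecated call.
find_deprecated_escape() {
    grep -rnE --include='*.php' "$DEPRECATED_RE" "$1" || true
}

# Number of lines under a directory that still hold a deprecated call.
count_deprecated_lines() {
    find_deprecated_escape "$1" | wc -l | tr -d ' '
}

# Rewrite the deprecated calls to esc_sql(, keeping a .bak copy of each file.
rewrite_deprecated_escape() {
    grep -rlE --include='*.php' "$DEPRECATED_RE" "$1" | while IFS= read -r f; do
        sed -E -i.bak "s/${DEPRECATED_RE}/esc_sql(/g" "$f"
    done
}

# Build a throwaway plugin directory with constructed sample code.
make_sample_plugin() {
    sample_dir=$(mktemp -d)
    cat > "$sample_dir/plugin.php" <<'EOF'
<?php
$a = $wpdb->escape( $_GET['a'] );
$b = $this->wpdb->escape($name);
$wpdb->escape_by_ref( $c );
$d = $wpdb->_escape( $host );
EOF
    printf '%s\n' "$sample_dir"
}

# Demo: list the two deprecated calls in the sample, then clean up.
demo_dir=$(make_sample_plugin)
find_deprecated_escape "$demo_dir"
rm -rf "$demo_dir"
```

Review the rewritten call sites afterwards: esc_sql() output is only safe inside a quoted SQL string, and $wpdb->prepare() with placeholders is the preferred way to build new queries.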

If you still have a problem after doing this...

Are you running a domain mapping plugin with the sunrise.php file located in the wp-content directory? Unfortunately, esc_sql() can't be used there, since apparently sunrise.php is included before the function esc_sql() is even registered. So, I looked into esc_sql():

[php]
function esc_sql( $data ) {
    global $wpdb;
    return $wpdb->_escape( $data );
}
[/php]

Therefore, in sunrise.php, I commented out the original line that causes the trouble, and duplicated it right below, modifying it as such:

[php]
// $dm_domain = $wpdb->escape( $_SERVER[ 'HTTP_HOST' ] );
$dm_domain = $wpdb->_escape( $_SERVER[ 'HTTP_HOST' ] );
[/php]

That should solve the problem!

Revisions

  • May 23, 2014 @ 10:28:35 [Current Revision] by PeterLugg
  • May 23, 2014 @ 10:28:35 by PeterLugg
  • May 23, 2014 @ 10:26:15 by PeterLugg
