
WordPress isn't database agnostic by default? That seems strange to me!


WordPress was first released in 2003. There wasn't a database abstraction layer for PHP at the time (PDO was first released in 2005), so it was tightly coupled to MySQL.


And PDO isn't even a proper database abstraction layer, it's just a way to connect to various databases and issue prepared statements. You still have to write your own SQL queries and create table statements, which will most certainly not be portable.


Fair. It's 2022 now. I figured in the 19 years since they would have done something like this.


They’ve consistently prioritized backwards compatibility over pretty much anything else.


It doesn't even use placeholders and prepared statements. What looks like prepared statements, for example, are not.

Behold: https://github.com/WordPress/WordPress/blob/master/wp-includ...
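
To illustrate the distinction the comment above draws between query formatting and real prepared statements, here is an added example; it is not part of the thread and not WordPress code. `emulated_prepare` is a hypothetical, simplified stand-in for a formatting-style prepare, and the in-memory SQLite database reached through PDO, the table and the sample input are assumptions.

```php
<?php
// Added illustration: emulated_prepare() is a hypothetical, simplified model of a
// formatting-style "prepare"; it is not WordPress code. Sample data is constructed.

// Client-side formatting: escape each argument, splice it into the SQL text,
// and return a finished query string. The server never sees a placeholder.
function emulated_prepare(string $query, ...$args): string {
    $query = preg_replace('/(?<!%)%s/', "'%s'", $query); // quote bare %s
    $escaped = array_map(
        // SQLite literal escaping (double the quote). Other servers have
        // different rules, so correctness depends on this matching the server.
        fn($a) => is_int($a) ? $a : str_replace("'", "''", (string) $a),
        $args
    );
    return vsprintf($query, $escaped);
}

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Reilly')");

$name = "O'Reilly"; // constructed input containing a quote character

// 1. No escaping at all: the data changes the SQL grammar and parsing fails.
try {
    $db->query(sprintf("SELECT id FROM users WHERE name = '%s'", $name));
} catch (PDOException $e) {
    echo "raw sprintf:      rejected by parser\n";
}

// 2. Formatting-style prepare: works, but only because the escaper is correct.
$sql = emulated_prepare("SELECT id FROM users WHERE name = %s", $name);
echo "emulated SQL:     $sql\n";
echo "emulated result:  ", implode(',', $db->query($sql)->fetchAll(PDO::FETCH_COLUMN)), "\n";

// 3. Real prepared statement: SQL text is fixed, data travels separately.
$stmt = $db->prepare("SELECT id FROM users WHERE name = ?");
$stmt->execute([$name]);
echo "bound SQL:        {$stmt->queryString}\n";
echo "bound result:     ", implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

In case 2 the value is part of the SQL string the server parses, so safety rests on the escaper and on where the placeholder sits; in case 3 the statement text never contains the value.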


This is wild, and it's hard to believe nobody has found a way to do some SQL injection from there.



