
esc_sql() WP 1.0

Escapes data for use in a MySQL query.

Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

NOTE: Since 4.8.3, '%' characters are replaced with a placeholder string, which prevents certain SQLi attacks from taking place. This change in behaviour may cause issues for code that expects the return value of esc_sql() to be usable for other purposes.

  • Global. wpdb. $wpdb WordPress database abstraction object.

No Hooks.


Returns: String/Array. Escaped data.


esc_sql( $data );
$data (string/array) (required)
Unescaped data
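
The IN clause case mentioned in the description, as an added example (not code from the original page or from WordPress core). It assumes a loaded WordPress with the global $wpdb; the function names example_in_clause_esc_sql and example_in_clause_prepare and the sample slugs are constructed for illustration.

```php
<?php
// Added example: assumes a loaded WordPress (global $wpdb available).
// Function names and sample slugs are constructed for illustration.

// Spot-escaping with esc_sql(). It escapes arrays element by element but
// adds no quotes, and the result is only safe inside a quoted string.
function example_in_clause_esc_sql( array $slugs ) {
	global $wpdb;
	if ( empty( $slugs ) ) {
		return ''; // "IN ()" is a MySQL syntax error, so build nothing.
	}
	$escaped = esc_sql( $slugs );
	$in      = "'" . implode( "','", $escaped ) . "'";
	return "SELECT ID FROM {$wpdb->posts} WHERE post_name IN ($in)";
}

// The same query through wpdb::prepare(), one %s placeholder per value.
function example_in_clause_prepare( array $slugs ) {
	global $wpdb;
	if ( empty( $slugs ) ) {
		return '';
	}
	$placeholders = implode( ',', array_fill( 0, count( $slugs ), '%s' ) );
	return $wpdb->prepare(
		"SELECT ID FROM {$wpdb->posts} WHERE post_name IN ($placeholders)",
		$slugs
	);
}

global $wpdb;
$slugs = array( "o'reilly", '50%-off' ); // constructed input

$sql = example_in_clause_esc_sql( $slugs );
if ( '' !== $sql ) {
	// wpdb swaps the '%' placeholder back when it runs the query.
	$ids = $wpdb->get_col( $sql );
}

// Since 4.8.3 $sql holds a placeholder string where '%' was, so restore
// it before using the string for anything else, such as logging.
error_log( $wpdb->remove_placeholder_escape( $sql ) );
```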

Code of esc_sql: wp-includes/formatting.php VER 4.9.8

function esc_sql( $data ) {
	global $wpdb;
	// Delegates to wpdb::_escape(), which handles strings and arrays.
	return $wpdb->_escape( $data );
}
