esc_sql() WP 1.0

Escapes data for use in a MySQL query.

Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

NOTE: Since 4.8.3, '%' characters will be replaced with a placeholder string, this prevents certain SQLi attacks from taking place. This change in behaviour may cause issues for code that expects the return value of esc_sql() to be useable for other purposes.

Global. wpdb. $wpdb WordPress database abstraction object.

No Hooks.

Return

String/Array. Escaped data

Usage

esc_sql( $data );

$data(string/array) (required): Unescaped data

Code of esc_sql: `wp-includes/formatting.php` ^{VER 4.9.8}

<?php
function esc_sql( $data ) {
	global $wpdb;
	return $wpdb->_escape( $data );
}

Related Functions

From tag: esc_ (clean validate sanitize)

esc_attr()
esc_html()
esc_html_e()
esc_js()

esc_textarea()
esc_url()
esc_url_raw()
tag_escape()

urlencode_deep()
wp_specialchars_decode()
wp_strip_all_tags()

esc_sql() WP 1.0

Return

Usage

Code of esc_sql: `wp-includes/formatting.php` ^{VER 4.9.8}

Related Functions

From tag: esc_ (clean validate sanitize)

More from tag: query

More from category: SQL

esc_sql() WP 1.0

Return

Usage

Code of esc_sql: wp-includes/formatting.php VER 4.9.8

Related Functions

From tag: esc_ (clean validate sanitize)

More from tag: query

More from category: SQL

Code of esc_sql: `wp-includes/formatting.php` ^{VER 4.9.8}