esc_url_raw() WP 2.8.0
Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.
Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks
Works based on: esc_url()
1 time = 0.000071s = very fast | 50000 times = 1.60s = fast
No Hooks.
Return
String. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.
Usage
esc_url_raw( $url, $protocols );
- $url(string) (required)
- The URL to be cleaned.
- $protocols(array)
- An array of acceptable protocols. By default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, telnet.
Default: null
Examples
#1 Basic Example
$url = 'http://example.com?foo=<script>/some</script>'; echo esc_url_raw( $url ); // http://example.com?foo=script/some/script echo esc_url( $url ); // http://example.com?foo=script/some/script
#2 URL cleaning for use in request
$url = 'http://example.com'; $response = wp_remote_get( esc_url_raw( $url ) ); if ( ! is_wp_error( $response ) ) { echo wp_remote_retrieve_body( $response ); }
#3 Wrong usage
<!-- WRONG! Use should use esc_url() instead! --> <img src='<?php echo esc_url_raw( $url ); ?>' /> <a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>
Notes
- See: esc_url()
Changelog
Since 2.8.0 | Introduced. |
Code of esc_url_raw() esc url raw WP 5.6
function esc_url_raw( $url, $protocols = null ) {
return esc_url( $url, $protocols, 'db' );
}Related Functions
From tag: esc_ (clean validate sanitize)
More from category: Sanitizing, Escaping
- sanitize_email()
- sanitize_file_name()
- sanitize_html_class()
- sanitize_option()
- sanitize_post_field()
- sanitize_text_field()