esc_url_raw()
Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.
Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks
This function is an alias for sanitize_url().
Uses: esc_url()
1 time — 0.000071 sec (very fast) | 50000 times — 1.60 sec (fast)
No Hooks.
Return
String
. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.
Usage
esc_url_raw( $url, $protocols );
- $url(string) (required)
- The URL to be cleaned.
- $protocols(array)
- An array of acceptable protocols. By default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, telnet.
Default: null
Examples
#1 Basic Example
echo esc_url_raw( '//example.com/foo?bar' ); // //example.com/foo?bar echo esc_url_raw( '/example.com/foo?bar' ); // /example.com/foo?bar echo esc_url_raw( '/example/foo?bar' ); // /example/foo?bar echo esc_url_raw( '/' ); // / echo esc_url_raw( 123 ); // http://123 echo esc_url_raw( '123' ); // http://123 var_dump( esc_url_raw( '' ) ); // string(0) "" var_dump( esc_url_raw( false ) ); // string(0) "" var_dump( esc_url_raw( null ) ); // string(0) "" var_dump( esc_url_raw( [] ) ); // string(0) "" $url = 'http://example.com?foo=<script>/some</script>'; echo esc_url_raw( $url ); // http://example.com?foo=script/some/script echo esc_url( $url ); // http://example.com?foo=script/some/script
#2 URL cleaning for use in request
$url = 'http://example.com'; $response = wp_remote_get( esc_url_raw( $url ) ); if ( ! is_wp_error( $response ) ) { echo wp_remote_retrieve_body( $response ); }
#3 Wrong usage
<!-- WRONG! Use should use esc_url() instead! --> <img src='<?php echo esc_url_raw( $url ); ?>' /> <a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>
Notes
- See: sanitize_url()
Changelog
Since 2.8.0 | Introduced. |
Since 6.1.0 | Turned into an alias for sanitize_url(). |
esc_url_raw() esc url raw code WP 6.7.1
function esc_url_raw( $url, $protocols = null ) { return sanitize_url( $url, $protocols ); }