WordPress at Your Fingertips

esc_url_raw() WP 2.8.0

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.

Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks

Uses: esc_url()
1 time — 0.000071 sec (very fast) | 50000 times — 1.60 sec (fast)

No Hooks.


String. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.


esc_url_raw( $url, $protocols );
$url(string) (required)
The URL to be cleaned.
An array of acceptable protocols. By default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, telnet.
Default: null


#1 Basic Example

$url = 'http://example.com?foo=<script>/some</script>';

echo esc_url_raw( $url );
// http://example.com?foo=script/some/script

echo esc_url( $url );
// http://example.com?foo=script/some/script

#2 URL cleaning for use in request

$url = 'http://example.com';
$response = wp_remote_get( esc_url_raw( $url ) );
if ( ! is_wp_error( $response ) ) {
	echo wp_remote_retrieve_body( $response );

#3 Wrong usage

<!-- WRONG! Use should use esc_url() instead! -->
<img src='<?php echo esc_url_raw( $url ); ?>' />
<a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>



Since 2.8.0 Introduced.

Code of esc_url_raw() WP 5.8.1

function esc_url_raw( $url, $protocols = null ) {
	return esc_url( $url, $protocols, 'db' );

esc_ (clean validate sanitize)

Sanitizing, Escaping

vladlu 100vlad.lu
Editors: Kama 100
No comments
    Log In