WordPress at a glance

esc_url_raw() WP 2.8.0

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.

Do not use this function if the URL is displayed in HTML code (on the screen). Use esc_url() instead — it replaces HTML entities — it will protect you against XSS attacks

Works based on: esc_url()
✈ 1 time = 0.000071s = very fast | 50000 times = 1.60s = fast

No Hooks.

Return

String. The cleaned URL. Return an empty if the URL contains the protocol not specified in $protocols.

Usage

esc_url_raw( $url, $protocols );
$url(string) (required)
The URL to be cleaned.
$protocols(array)
An array of acceptable protocols. By default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, telnet.
Default: null

Examples

#1 Basic Example

$url = 'http://example.com?foo=<script>/some</script>';

echo esc_url_raw( $url );
// http://example.com?foo=script/some/script

echo esc_url( $url );
// http://example.com?foo=script/some/script

#2 URL cleaning for use in request

$url = 'http://example.com';
$response = wp_remote_get( esc_url_raw( $url ) );
if ( ! is_wp_error( $response ) ) {
	echo wp_remote_retrieve_body( $response );
}

#3 Wrong usage

<!-- WRONG! Use should use esc_url() instead! -->
<img src='<?php echo esc_url_raw( $url ); ?>' />
<a href='<?php echo esc_url_raw( $url ); ?>'>Example</a>

Changelog

Since 2.8.0 Introduced.

Code of esc url raw: wp-includes/formatting.php WP 5.2.4

<?php
function esc_url_raw( $url, $protocols = null ) {
	return esc_url( $url, $protocols, 'db' );
}

Related Functions

From tag: esc_ (clean validate sanitize)

More from category: Sanitizing, Escaping

vladlu 100vlad.lu
Editors: kama 100
No comments
    Hello, !     Log In . Register