sanitize_sql_orderby()
Ensures a string is a valid SQL 'order by' clause.
Accepts one or more columns, with or without a sort order (ASC / DESC). e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
Also accepts 'RAND()'.
No Hooks.
Return
String|false
. Returns $orderby if valid, false otherwise.
Usage
sanitize_sql_orderby( $orderby );
- $orderby(string) (required)
- Order by clause to be validated.
Examples
#1 Checking ORDER BY part of SQL query
// OK example $orderby = ' col1 ASC '; $orderby = sanitize_sql_orderby( $orderby ); // string(10) " col1 ASC " // ERROR example $orderby = sanitize_sql_orderby( ' col-1 ASC ' ); // bool(false)
Changelog
Since 2.5.1 | Introduced. |
sanitize_sql_orderby() sanitize sql orderby code WP 6.1.1
function sanitize_sql_orderby( $orderby ) { if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) { return $orderby; } return false; }