sanitize_sql_orderby() WP 1.0

Ensures a string is a valid SQL 'order by' clause.

Accepts one or more columns, with or without a sort order (ASC / DESC). e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.

Also accepts 'RAND()'.

No Hooks.

Return

String/false. Returns $orderby if valid, false otherwise.

Usage

sanitize_sql_orderby( $orderby );

$orderby(string) (required): Order by clause to be validated.

Code of sanitize_sql_orderby: `wp-includes/formatting.php` ^{VER 4.9.8}

<?php
function sanitize_sql_orderby( $orderby ) {
	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
		return $orderby;
	}
	return false;
}

Related Functions

From tag: sanitize_

sanitize_email()
sanitize_file_name()
sanitize_html_class()
sanitize_meta()
sanitize_option()
sanitize_post()

sanitize_post_field()
sanitize_term()
sanitize_term_field()
sanitize_text_field()
sanitize_textarea_field()
sanitize_title()

sanitize_title_with_dashes()
sanitize_user()
wp_parse_slug_list()
wp_rel_nofollow()