WordPress at Your Fingertips

wpdb::esc_like() WP 1.0

First half of escaping for LIKE special characters % and _ before preparing for MySQL.

Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.

Example Prepared Statement:

$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );

Example Escape Chain:

$sql  = esc_sql( $wpdb->esc_like( $input ) );
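Why the LIKE escaping step matters, as an added stand-alone example (not code from WordPress or from this page): `esc_like_demo()` copies the one-line body of `wpdb::esc_like()` listed on this page, `like_match()` is a hypothetical helper that emulates LIKE matching with backslash as the escape character, and the rows and search terms are constructed. It runs without WordPress or a database and assumes single-byte text.

```php
<?php
// Added example. esc_like_demo() mirrors the body of wpdb::esc_like() shown on
// this page; like_match() is a hypothetical LIKE emulator, not a WordPress API.

function esc_like_demo( string $text ): string {
	return addcslashes( $text, '_%\\' );
}

// Translate a LIKE pattern to a regex: % = any run, _ = any one char,
// backslash + char = that char taken literally.
function like_match( string $pattern, string $subject ): bool {
	$regex = '';
	$len   = strlen( $pattern );
	for ( $i = 0; $i < $len; $i++ ) {
		$c = $pattern[ $i ];
		if ( '\\' === $c && $i + 1 < $len ) {
			$regex .= preg_quote( $pattern[ ++$i ], '/' );
		} elseif ( '%' === $c ) {
			$regex .= '.*';
		} elseif ( '_' === $c ) {
			$regex .= '.';
		} else {
			$regex .= preg_quote( $c, '/' );
		}
	}
	return 1 === preg_match( '/^' . $regex . '$/s', $subject );
}

// Constructed sample rows and user-supplied search term.
$rows = array(
	'only 43% of planets',
	'only 43 thousand moons and 9 of planets',
	'no planets here',
);
$find = 'only 43% of planets';

// Compare the raw term with the esc_like()-style term, both wrapped in wildcards.
foreach ( array( 'raw' => $find, 'esc_like' => esc_like_demo( $find ) ) as $label => $term ) {
	$like = '%' . $term . '%';
	$hits = array_filter( $rows, fn( $row ) => like_match( $like, $row ) );
	printf( "%-8s LIKE '%s' matches: %s\n", $label, $like, implode( ' | ', $hits ) );
}

// Quotes pass through untouched: the result is a LIKE phrase, not SQL-safe text,
// so wpdb::prepare() or esc_sql() still has to run afterwards.
var_dump( esc_like_demo( "O'Reilly_100%" ) );
```

With the raw term, the `%` typed by the user behaves as a wildcard and widens the match; with the escaped term it is matched as a literal percent sign.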

It's a method of the class: wpdb

1 time — 0.00001 sec (speed of light) | 50000 times — 0.01 sec (speed of light) | PHP 7.4.8, WP 5.6.2

No Hooks.


String. Text in the form of a LIKE phrase. The output is not SQL safe. Call wpdb::prepare() or wpdb::_real_escape() next.


global $wpdb;
$wpdb->esc_like( $text );
$text (string) (required)
The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.


Since 4.0.0 Introduced.

Code of wpdb::esc_like() WP 5.8

public function esc_like( $text ) {
	return addcslashes( $text, '_%\\' );
}
