wpdb::esc_like() public WP 4.0.0
First half of escaping for LIKE special characters % and _ before preparing for MySQL.
Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.
Example Prepared Statement:
$wild = '%'; $find = 'only 43% of planets'; $like = $wild . $wpdb->esc_like( $find ) . $wild; $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
Example Escape Chain:
$sql = esc_sql( $wpdb->esc_like( $input ) );
{} It's a method of the class: wpdb{}
No Hooks.
Return
String. Text in the form of a LIKE phrase. The output is not SQL safe. Call wpdb::prepare() or wpdb::_real_escape() next.
Usage
global $wpdb; $wpdb->esc_like( $text );
- $text(string) (required)
- The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
Changelog
Since 4.0.0 | Introduced. |
Code of wpdb::esc_like() wpdb::esc like WP 5.6
public function esc_like( $text ) {
return addcslashes( $text, '_%\\' );
}