wpdb::esc_like()
First half of escaping for LIKE special characters % and _ before preparing for MySQL.
Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.
Example Prepared Statement:
$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
Example Escape Chain:
$sql = esc_sql( $wpdb->esc_like( $input ) );
Method of the class: wpdb{}
1 time — 0.00001 sec (speed of light) | 50000 times — 0.01 sec (speed of light) | PHP 7.4.8, WP 5.6.2
No Hooks.
Return
String. Text in the form of a LIKE phrase. The output is not SQL safe. Call wpdb::prepare() or wpdb::_real_escape() next.
Usage
global $wpdb;
$wpdb->esc_like( $text );
- $text(string) (required)
- The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
Examples
#1 Example of preparing a string for a LIKE query
$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
echo $sql;
// SELECT * FROM wp_posts WHERE post_content LIKE '{d710cab}only 43\{d710cab} of planets{d710cab}'
#2 Example with esc_sql()
$esc_like = $wpdb->esc_like( 'only 43% of planets' );
echo $esc_like; // only 43\% of planets
echo esc_sql( $esc_like ); // only 43\{f5fa52} of planets
#3 Another example of preparing a string for a LIKE query
global $wpdb;
$link = $wpdb->esc_like( $link ); // escape the LIKE wildcards in the string
$link = esc_sql( $link );         // escape the string for SQL
$link = '%' . $link . '%';        // build the full LIKE search pattern
// look for a spam comment whose text or author URL contains the given link
$spammy = $wpdb->query(
	"SELECT comment_approved FROM $wpdb->comments
	WHERE (comment_content LIKE '$link' OR comment_author_url LIKE '$link')
	AND comment_approved = 'spam' LIMIT 1;"
);
#4 A shorter version with prepare()
global $wpdb;
$link    = '%' . $wpdb->esc_like( $link ) . '%';
$comment = $wpdb->get_row( $wpdb->prepare(
	"SELECT * FROM $wpdb->comments WHERE comment_author_url LIKE %s LIMIT 1",
	$link
) );
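Why the order stated at the top of this page matters, as an added example that is not from the original page or from WordPress core. It runs without WordPress: like_escape(), sql_escape_standin() and stays_inside_literal() are hypothetical names, addslashes() is an assumed stand-in for the SQL escaping step, and the inputs are constructed.

```php
<?php
// Added example; runs with the PHP CLI, no WordPress needed.

// Same addcslashes() call as the esc_like() source shown on this page.
function like_escape( string $text ): string {
    return addcslashes( $text, '_%\\' );
}

// Assumption: addslashes() stands in for the SQL escaping that esc_sql() and
// prepare() perform through the database connection.
function sql_escape_standin( string $text ): string {
    return addslashes( $text );
}

// True if $escaped, placed between single quotes, stays inside the literal:
// every quote needs an odd run of backslashes directly before it.
function stays_inside_literal( string $escaped ): bool {
    $run = 0;
    for ( $i = 0, $n = strlen( $escaped ); $i < $n; $i++ ) {
        if ( '\\' === $escaped[ $i ] ) {
            $run++;
            continue;
        }
        if ( "'" === $escaped[ $i ] && 0 === $run % 2 ) {
            return false; // unescaped quote closes the literal early
        }
        $run = 0;
    }
    return 0 === $run % 2; // an odd trailing run would escape the closing quote
}

// Constructed sample inputs.
$inputs = array( 'only 43% of planets', "O'Reilly_2024", 'C:\\temp' );

foreach ( $inputs as $input ) {
    $documented = sql_escape_standin( like_escape( $input ) ); // LIKE first, SQL second
    $reversed   = like_escape( sql_escape_standin( $input ) ); // SQL first, LIKE second

    printf(
        "%-20s documented: %-24s [%s]  reversed: %-22s [%s]\n",
        $input,
        $documented,
        stays_inside_literal( $documented ) ? 'contained' : 'BREAKS OUT',
        $reversed,
        stays_inside_literal( $reversed ) ? 'contained' : 'BREAKS OUT'
    );
}
```

For the input containing a quote, the reversed order yields O\\'Reilly\_2024: the LIKE pass doubles the backslash that was protecting the quote, so the quote is no longer escaped.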
Changelog
Since 4.0.0 | Introduced. |
wpdb::esc_like() code WP 6.5.2
public function esc_like( $text ) {
	return addcslashes( $text, '_%\\' );
}