esc_sql() – Escapes data for use in a MySQL query.


Description

Escapes data for use in a MySQL query.

Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

NOTE: Since 4.8.3, '%' characters are replaced with a placeholder string, which prevents certain SQLi attacks from taking place. This change in behaviour may cause issues for code that expects the return value of esc_sql() to be usable for other purposes.
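The IN-clause case described above, as an added example that is not part of the WordPress source or of this reference page. It shows spot-escaping with esc_sql() beside the wpdb::prepare() equivalent, then the effect of the 4.8.3 '%' placeholder. It assumes a loaded WordPress environment with a connected $wpdb (for instance run through `wp eval-file`); demo_posts_by_slug() and the sample slugs are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded and $wpdb is connected.
// demo_posts_by_slug() is a hypothetical helper, not a WordPress function.

function demo_posts_by_slug( array $slugs ) {
	global $wpdb;

	if ( empty( $slugs ) ) {
		return array(); // "IN ()" is a SQL syntax error, so return early.
	}

	// Spot-escaping: esc_sql() escapes each element but adds no quotes,
	// so every value must still be wrapped in quotes inside the query.
	$escaped = esc_sql( array_map( 'strval', $slugs ) );
	$in_list = "'" . implode( "','", $escaped ) . "'";
	$spot    = $wpdb->get_col(
		"SELECT ID FROM {$wpdb->posts} WHERE post_name IN ( $in_list )"
	);

	// Usually preferable: one %s per element, bound by wpdb::prepare().
	$placeholders = implode( ',', array_fill( 0, count( $slugs ), '%s' ) );
	$prepared     = $wpdb->get_col(
		$wpdb->prepare(
			"SELECT ID FROM {$wpdb->posts} WHERE post_name IN ( $placeholders )",
			$slugs
		)
	);

	return array( 'spot' => $spot, 'prepared' => $prepared );
}

// Constructed input: one value with a quote, one with a literal '%'.
$result = demo_posts_by_slug( array( 'hello-world', "o'reilly", '100%-off' ) );
var_dump( $result['spot'] === $result['prepared'] );

// Since 4.8.3 the '%' in the return value is a placeholder string, so the
// escaped value is meant for a query sent through $wpdb, not for display,
// comparison or storage elsewhere.
global $wpdb;
$escaped = esc_sql( '100%-off' );
var_dump( $escaped );

// wpdb::remove_placeholder_escape() restores the literal '%' when the
// escaped string has to be inspected outside of a query.
var_dump( $wpdb->remove_placeholder_escape( $escaped ) );
```

Both queries go through $wpdb, which swaps the placeholder back to '%' before the statement reaches MySQL, so the two result sets should match.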

Usage

$string|array = esc_sql( $data );

Parameters

$data
( string|array ) required – Unescaped data.

Returns

string|array Escaped data, in the same type as supplied.

Source

File name: wordpress/wp-includes/formatting.php

function esc_sql( $data ) {
  global $wpdb;
  return $wpdb->_escape( $data );
}
 
