wpdb::esc_like( string $text ): string
First half of escaping for LIKE special characters % and _ before preparing for SQL.
Description
Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.
Example Prepared Statement:
```php
$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
```
Example Escape Chain:
```php
$sql = esc_sql( $wpdb->esc_like( $input ) );
```
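Why the order matters, shown as an added example that is not WordPress core code: it applies the two escaping steps in both orders to a constructed input and checks whether the result would stay inside a single-quoted SQL literal. The helpers like_escape(), sql_escape() and stays_inside_literal() are hypothetical stand-ins, and addslashes() is assumed here in place of the connection-aware wpdb::_real_escape().

```php
<?php
// Stand-ins so this runs without WordPress (assumptions, not core code):
// like_escape() copies the body of wpdb::esc_like() shown in the Source section;
// sql_escape() uses addslashes() in place of the connection-aware wpdb::_real_escape().
function like_escape( string $text ): string {
	return addcslashes( $text, '_%\\' );
}

function sql_escape( string $text ): string {
	return addslashes( $text );
}

// Reads $escaped the way a MySQL-style parser reads the inside of a '...' literal:
// a backslash consumes the next character, a bare quote ends the literal.
// Returns true only if the whole value stays inside the literal.
function stays_inside_literal( string $escaped ): bool {
	$length = strlen( $escaped );
	for ( $i = 0; $i < $length; $i++ ) {
		if ( '\\' === $escaped[ $i ] ) {
			if ( ++$i >= $length ) {
				return false; // Trailing backslash would escape the closing quote.
			}
		} elseif ( "'" === $escaped[ $i ] ) {
			return false; // Unescaped quote closes the literal early.
		}
	}
	return true;
}

$input = "50%_off at O'Brien's"; // Constructed sample: LIKE wildcards plus apostrophes.

$correct  = sql_escape( like_escape( $input ) ); // Documented order.
$reversed = like_escape( sql_escape( $input ) ); // Order the page warns against.

foreach ( array( 'esc_like first' => $correct, 'esc_like last' => $reversed ) as $label => $value ) {
	printf( "%-15s %-32s contained: %s\n", $label, $value, stays_inside_literal( $value ) ? 'yes' : 'no' );
}
```

In the reversed run, the backslash that sql_escape() placed before each apostrophe is itself doubled by like_escape(), so the apostrophe is no longer escaped and the value is not contained.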
Parameters
$text string Required
The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
Return
string Text in the form of a LIKE phrase. The output is not SQL safe.
Call wpdb::prepare() or wpdb::_real_escape() next.
Source
File: wp-includes/class-wpdb.php.
```php
public function esc_like( $text ) {
	return addcslashes( $text, '_%\\' );
}
```
Related
Used By
| Used By | Description |
|---|---|
| wp_delete_attachment_files() wp-includes/post.php | Deletes all files that belong to the given attachment. |
| delete_expired_transients() wp-includes/option.php | Deletes all expired transients. |
| WP_Term_Query::get_search_sql() wp-includes/class-wp-term-query.php | Used internally to generate a SQL string related to the ‘search’ parameter. |
| WP_Term_Query::get_terms() wp-includes/class-wp-term-query.php | Retrieves the query results. |
| WP_Network_Query::get_search_sql() wp-includes/class-wp-network-query.php | Used internally to generate an SQL string for searching across multiple columns. |
| WP_Site_Query::get_search_sql() wp-includes/class-wp-site-query.php | Used internally to generate an SQL string for searching across multiple columns. |
| WP_Meta_Query::get_sql_for_clause() wp-includes/class-wp-meta-query.php | Generate SQL JOIN and WHERE clauses for a first-order query clause. |
| display_setup_form() wp-admin/install.php | Displays installer setup form. |
| network_domain_check() wp-admin/includes/network.php | Check for an existing network. |
| maybe_create_table() wp-admin/includes/upgrade.php | Creates a table in the database, if it doesn’t already exist. |
| meta_form() wp-admin/includes/template.php | Prints the form in the Custom Fields meta box. |
| WP_MS_Sites_List_Table::prepare_items() wp-admin/includes/class-wp-ms-sites-list-table.php | Prepares the list of sites for display. |
| WP_Query::parse_search() wp-includes/class-wp-query.php | Generates SQL for the WHERE clause based on passed search terms. |
| WP_Query::parse_search_order() wp-includes/class-wp-query.php | Generates SQL for the ORDER BY condition based on passed search terms. |
| do_enclose() wp-includes/functions.php | Checks content for video and audio links to add as enclosures. |
| WP_User_Query::get_search_sql() wp-includes/class-wp-user-query.php | Used internally to generate an SQL string for searching across multiple columns. |
| count_users() wp-includes/user.php | Counts number of users who have each of the user roles. |
| redirect_guess_404_permalink() wp-includes/canonical.php | Attempts to guess the correct URL for a 404 request based on query vars. |
| get_bookmarks() wp-includes/bookmark.php | Retrieves the list of bookmarks. |
| ms_not_installed() wp-includes/ms-load.php | Displays a failure message. |
| WP_Comment_Query::get_search_sql() wp-includes/class-wp-comment-query.php | Used internally to generate an SQL string for searching across multiple columns. |
Changelog
| Version | Description |
|---|---|
| 4.0.0 | Introduced. |
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wpdb/esc_like