WordPress.org

Ready to get started?Download WordPress

Codex

Function Reference/esc sql

Contents

Description

Prepares a string for use as an SQL query. A glorified addslashes() that works with arrays.

Usage

 <?php esc_sql$sql ); ?> 

Parameters

$string
(string) (required) An unescaped SQL query string.
Default: None

Return Value

(string) 
Escaped value appropriate for use in a SQL query.

Example

<?php

$name   = esc_sql( $name );
$status = esc_sql( $status );

$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );

?>

Notes

  • $wpdb->prepare() is generally preferred as it corrects some common formatting errors.
  • This function was formerly just an alias for $wpdb->escape(), but that function has now been deprecated.

Change Log

Since: 2.8.0

Source File

esc_sql() is located in wp-includes/formatting.php.

Related

like_escape(), tag_escape(), urlencode(), urlencode_deep()

See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.
This article is marked as in need of editing. You can help Codex by editing it.