(Add your language)
Prepares a string for use as an SQL query. A glorified addslashes() that works with arrays.
<?php esc_sql( $sql ); ?>
- (string) (required) An unescaped SQL query string.
- Default: None
- Escaped value appropriate for use in a SQL query.
$name = esc_sql( $name );
$status = esc_sql( $status );
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
- $wpdb->prepare() is generally preferred as it corrects some common formatting errors.
- This function was formerly just an alias for $wpdb->escape(), but that function has now been deprecated.
esc_sql() is located in
like_escape(), tag_escape(), urlencode(), urlencode_deep()
See: Data Validation article for an in-depth discussion of input and output sanitization.