WordPress.org

Function Reference/esc sql

Contents 1 Description 2 Usage 3 Parameters 4 Return Value 5 Example 6 Notes 7 Change Log 8 Source File 9 Related

Description

An alias for $wpdb->escape(). Prepares a string for use as an SQL query. A glorified addslashes() that works with arrays.

Usage

 <?php esc_sql( $sql ); ?> 

Parameters

$string

(string) (required) An unescaped SQL query string.

Default: None

Return Value

(string) Escaped value appropriate for use in a SQL query.

Example

$name=esc_sql($name);
$status=esc_sql($status);
$wpdb->get_var( 
  "SELECT something FROM table WHERE foo = '$name' and status = '$status'"
);

Notes

$wpdb->prepare() is generally preferred as it corrects some common formatting errors.

Change Log

Since: 2.8.0

Source File

esc_sql() is located in wp-includes/formatting.php.

Related

esc_attr(), esc_html(), esc_html_e(), esc_textarea(), esc_url(), esc_url_raw(), like_escape(), tag_escape(), urlencode(), urlencode_deep()

• Home Page
• WordPress Lessons
• Getting Started
• Working with WordPress
• Design and Layout
• Advanced Topics
• Troubleshooting
• Developer Docs
• About WordPress

Codex Resources

• Community portal
• Current events
• Recent changes
• Random page
• Help