An alias for $wpdb->escape(). Prepares a string for use as an SQL query. A glorified addslashes() that works with arrays.
<?php esc_sql( $sql ); ?>
(string) Escaped value appropriate for use in a SQL query.
<?php
$name   = esc_sql( $name );
$status = esc_sql( $status );
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
?>
$wpdb->prepare() is generally preferred as it corrects some common formatting errors.
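The same lookup written both ways, as an added example that is not part of the original Codex page. It assumes the code runs inside WordPress, where `$wpdb` is loaded; the function names and the `id` column are hypothetical, and `table`, `something`, `foo` and `status` are the placeholder names from the example above.

```php
<?php
// Added example. Assumes a loaded WordPress environment (plugin or theme code).
// Function names and the `id` column are hypothetical; other names are the page's placeholders.

function example_lookup_escaped( $name, $status ) {
	global $wpdb;
	// esc_sql() only escapes characters. The single quotes written in the query
	// are what make each value a string literal, so they must not be omitted.
	$name   = esc_sql( $name );
	$status = esc_sql( $status );
	return $wpdb->get_var(
		"SELECT something FROM table WHERE foo = '$name' AND status = '$status'"
	);
}

function example_lookup_prepared( $name, $status ) {
	global $wpdb;
	// prepare() escapes and quotes every %s argument itself, so the
	// placeholders are written without surrounding quotes.
	return $wpdb->get_var(
		$wpdb->prepare(
			'SELECT something FROM table WHERE foo = %s AND status = %s',
			$name,
			$status
		)
	);
}

function example_lookup_by_id( $id ) {
	global $wpdb;
	// Numeric context: there are no quotes for esc_sql() to rely on here,
	// so use %d, which formats the argument as an integer.
	return $wpdb->get_var(
		$wpdb->prepare( 'SELECT something FROM table WHERE id = %d', $id )
	);
}
```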
esc_sql() is located in