Function Reference/like escape

Description

Sanitizes $string for use in a LIKE expression of an SQL query.

Note that the string still needs to be SQL escaped with esc_sql() if it is untrusted data. This needs to be done before using like_escape(), to avoid double-slashing the string.

Usage

 <?php $like = like_escape( $string ); ?> 

Parameters

$string
(string) (required) The LIKE argument portion of the SQL query.
Default: None

Return Value

(string) Escaped value appropriate as a LIKE argument in a SQL query.

Example

Try to match a suspicious link to links in comments marked as spam.

// Parse a suspicious URL so we can just get the main parts.
$url = parse_url( $suspicious_link );

// Strip out "http://" and any url parameters.
if ( isset( $url['path'] ) ) {
	$link = $url['host'] . $url['path'];
} else {
	$link = $url['host'];
}

// First, escape the link for use in our SQL query.
$link = esc_sql( $link );

// We are using this in a LIKE statement, so escape it for that as well.
$link = like_escape( $link );

// Add wildcards, since we are searching within comment text.
$link = '%' . $link . '%';

global $wpdb;

// Search local spam for comments or author url containing this link.
$matching_comments = $wpdb->get_var(
	"
	SELECT COUNT(*)
	FROM $wpdb->comments 
	WHERE (comment_content LIKE '$link' OR comment_author_url LIKE '$link')
		AND comment_approved = 'spam' 
	"
);

echo $matching_comments . ' spam comments found with this link.';

Notes

Escapes % (percent) and _ (underscore) characters, as they have special meaning in LIKE arguments.
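
What the two wildcards do to a search term, and what escaping changes, shown as an added example that is not part of the Codex page or WordPress core. demo_like_escape() is a stand-in written from the note above (it assumes backslash is the escape character), demo_like_to_regex() and demo_like_matches() are hypothetical helpers that imitate LIKE matching without a database, and the sample rows are constructed.

```php
<?php
// Stand-in for like_escape(), written from the Notes on this page:
// backslash-escapes % and _. Assumption: not copied from WordPress core.
function demo_like_escape( $text ) {
	return str_replace( array( '%', '_' ), array( '\\%', '\\_' ), $text );
}

// Hypothetical helper: turn a LIKE pattern into an anchored regex so the
// matching can be shown offline. Backslash is treated as the escape character.
function demo_like_to_regex( $pattern ) {
	$regex = '';
	$len   = strlen( $pattern );
	for ( $i = 0; $i < $len; $i++ ) {
		$c = $pattern[ $i ];
		if ( '\\' === $c && $i + 1 < $len ) {
			// Escaped character: always matched literally.
			$regex .= preg_quote( $pattern[ ++$i ], '/' );
		} elseif ( '%' === $c ) {
			$regex .= '.*'; // % matches any run of characters
		} elseif ( '_' === $c ) {
			$regex .= '.';  // _ matches exactly one character
		} else {
			$regex .= preg_quote( $c, '/' );
		}
	}
	return '/^' . $regex . '$/s';
}

// Hypothetical helper: rows that would match "LIKE '%term%'".
function demo_like_matches( $term, $rows ) {
	$regex = demo_like_to_regex( '%' . $term . '%' );
	return array_values( array_filter( $rows, function ( $row ) use ( $regex ) {
		return 1 === preg_match( $regex, $row );
	} ) );
}

// Constructed sample comment bodies.
$rows = array(
	'visit example.com/my_page now',
	'visit example.com/my-page now',
	'visit example.com/myXpage now',
);
$term = 'example.com/my_page';

// Unescaped: the underscore in the term acts as a one-character wildcard.
print_r( demo_like_matches( $term, $rows ) );
// Escaped: the underscore only matches a literal underscore.
print_r( demo_like_matches( demo_like_escape( $term ), $rows ) );
```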

Change Log

Since: 2.5.0

Source File

like_escape() is located in wp-includes/formatting.php.

Related

See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.