WordPress.org

Ready to get started?Download WordPress

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Function Reference/like escape


This function has been deprecated since Version 4.0. That means it has been replaced by a new function or is no longer supported, and may be removed from future versions. All code that uses this function should be converted to use its replacement if one exists. See also wp-includes/deprecated.php. Use any of these functions instead.

Description

This function is deprecated as of WordPress 4.0. Please use $wpdb->esc_like() instead.

Sanitizes $string for use in a LIKE expression of an SQL query.

Note that the string still needs to be SQL escaped with esc_sql() if it is untrusted data. This needs to be done before using like_escape(), to avoid double-slashing the string.

Usage

 <?php $like like_escape$string ); ?> 

Parameters

$string
(string) (required) The LIKE argument portion of the SQL query.
Default: None

Return Value

(string) 
Escaped value appropriate as a LIKE argument in a SQL query.

Example

Try to match a suspicious link to links in comments marked as spam.

// Parse a suspicious URL so we can just get the main parts.
$url = parse_url( $suspiciuos_link );

// Strip out "http://" and any url parameters.
if ( isset( $url['path'] ) ) {
	$link = $url['host'] . $url['path'];
} else {
	$link = $url['host'];
}

// First, escape the link for use in our SQL query.
$link = esc_sql( $link );

// We are using this in a LIKE statement, so escape it for that as well.
$link = like_escape( $link );

// Add wildcards, since we are searching within comment text.
$link = '%' . $link . '%';

global $wpdb;

// Search local spam for comments or author url containing this link.
$matching_comments = $wpdb->get_var(
	"
	SELECT COUNT(*)
	FROM $wpdb->comments 
	WHERE (comment_content LIKE '$link' OR comment_author_url LIKE '$link')
		AND comment_approved = 'spam' 
	"
);

echo $matching_comments . ' spam comments found with this link.';

Notes

Escapes % (percent) and _ (underscore) characters, as they have special meaning in LIKE arguments.

Change Log

Source File

like_escape() is located in wp-includes/formatting.php.

Related

See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.