Codex tools: Log in
Sanitizes $string for use in a LIKE expression of a SQL query. Will still need to be SQL escaped with $wpdb->prepare() or esc_sql() along with the rest of the query.
<?php $like = like_escape( $string ); ?>
Try to match a suspicious link to links in comments marked as spam.
//$match = suspicious link $url = parse_url($match); //strip out "http://" and any url parameters array_key_exists('path', $url) ? $link = $url['host'] . $url['path'] : $link = $url['host']; $link = like_escape($link); //prepare for use as LIKE argument $link = esc_sql($link); //sql escape required as well $link = '%' . $link . '%'; //add wildcards to LIKE argument //search local spam for comments or author url containing each link $spammy = $wpdb->query(" SELECT comment_approved FROM $wpdb->comments WHERE (comment_content LIKE '$link' OR comment_author_url LIKE '$link') AND comment_approved = 'spam' LIMIT 1;"); //if $spammy == 1 there was a match to comments marked as spam
Escapes % (percent) and _ (underscore) characters, as they have special meaning in LIKE arguments.
like_escape() is located in