Sanitizes $string for use in a LIKE expression of a SQL query. The result still needs to be SQL escaped with $wpdb->prepare or $wpdb->escape along with the rest of the query.
<?php $like = like_escape( $string ); ?>
(string) Escaped value appropriate as a LIKE argument in a SQL query.
Try to match a suspicious link to links in comments marked as spam.
// $match = suspicious link
global $wpdb;
$url = parse_url( $match );
// strip out "http://" and any URL parameters; keep the host plus the path, if there is one
$link = array_key_exists( 'path', $url ) ? $url['host'] . $url['path'] : $url['host'];
$link = like_escape( $link ); // escape % and _ for use as a LIKE argument
$link = $wpdb->escape( $link ); // SQL escape required as well
$link = '%' . $link . '%'; // add wildcards to the LIKE argument
// search local spam for comment content or author URL containing the link
$spammy = $wpdb->query( "
    SELECT comment_approved
    FROM $wpdb->comments
    WHERE (comment_content LIKE '$link'
    OR comment_author_url LIKE '$link')
    AND comment_approved = 'spam'
    LIMIT 1;" );
// if $spammy == 1 there was a match to comments marked as spam
Escapes % (percent) and _ (underscore) characters, as they have special meaning in LIKE arguments.
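The effect of that escaping on the spam-link lookup above, as an added example that is not WordPress core code: it runs without WordPress or a database. like_escape_demo() and like_match_demo() are hypothetical stand-ins, the matcher assumes backslash as the LIKE escape character and case-insensitive comparison, and the link and comments are constructed sample data.

```php
<?php
// Added example, not WordPress core code. The *_demo names are hypothetical.

// Stand-in with the behaviour this page documents for like_escape():
// prefix % and _ with a backslash so LIKE treats them as literal characters.
function like_escape_demo( $text ) {
    return str_replace( array( '%', '_' ), array( '\\%', '\\_' ), $text );
}

// Minimal LIKE matcher. Assumptions: backslash is the escape character and
// the comparison is case-insensitive.
function like_match_demo( $pattern, $subject ) {
    $regex = '';
    $len   = strlen( $pattern );
    for ( $i = 0; $i < $len; $i++ ) {
        $c = $pattern[ $i ];
        if ( '\\' === $c && $i + 1 < $len ) {
            $regex .= preg_quote( $pattern[ ++$i ], '/' ); // escaped: literal character
        } elseif ( '%' === $c ) {
            $regex .= '.*'; // wildcard: any run of characters
        } elseif ( '_' === $c ) {
            $regex .= '.';  // wildcard: exactly one character
        } else {
            $regex .= preg_quote( $c, '/' );
        }
    }
    return 1 === preg_match( '/^' . $regex . '$/is', $subject );
}

// Constructed sample data: a link containing both LIKE metacharacters.
$link     = 'my_site.example/50%off';
$comments = array(
    'see http://my_site.example/50%off now', // really contains the link
    'see http://my-site.example/50-not-off', // a different link
);

// Compare the unescaped link with the escaped one as the LIKE argument.
foreach ( array( 'raw' => $link, 'escaped' => like_escape_demo( $link ) ) as $label => $arg ) {
    $pattern = '%' . $arg . '%'; // wildcards are added after escaping, as in the example above
    foreach ( $comments as $comment ) {
        $result = like_match_demo( $pattern, $comment ) ? 'match' : 'no match';
        printf( "%-8s %-40s %s\n", $label, $comment, $result );
    }
}
```

With the raw link both comments match, because _ and % inside the link act as wildcards; with the escaped link only the comment that actually contains it matches.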
Since: 2.5.0
like_escape() is located in wp-includes/formatting.php.
esc_attr(), esc_html(), esc_html_e(), esc_sql(), esc_textarea(), esc_url(), esc_url_raw(), tag_escape(), urlencode(), urlencode_deep()