Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Function Reference/like escape

This function has been deprecated since Version 4.0. That means it has been replaced by a new function or is no longer supported, and may be removed from future versions. All code that uses this function should be converted to use its replacement if one exists. See also wp-includes/deprecated.php. Use any of these functions instead.


This function is deprecated as of WordPress 4.0. Please use $wpdb->esc_like() instead.

Sanitizes $string for use in a LIKE expression of an SQL query.

Note that the string still needs to be SQL escaped with esc_sql() if it is untrusted data. This needs to be done before using like_escape(), to avoid double-slashing the string.


 <?php $like like_escape$string ); ?> 


(string) (required) The LIKE argument portion of the SQL query.
Default: None

Return Value

Escaped value appropriate as a LIKE argument in a SQL query.


Try to match a suspicious link to links in comments marked as spam.

// Parse a suspicious URL so we can just get the main parts.
$url = parse_url( $suspiciuos_link );

// Strip out "http://" and any url parameters.
if ( isset( $url['path'] ) ) {
	$link = $url['host'] . $url['path'];
} else {
	$link = $url['host'];

// First, escape the link for use in our SQL query.
$link = esc_sql( $link );

// We are using this in a LIKE statement, so escape it for that as well.
$link = like_escape( $link );

// Add wildcards, since we are searching within comment text.
$link = '%' . $link . '%';

global $wpdb;

// Search local spam for comments or author url containing this link.
$matching_comments = $wpdb->get_var(
	FROM $wpdb->comments 
	WHERE (comment_content LIKE '$link' OR comment_author_url LIKE '$link')
		AND comment_approved = 'spam' 

echo $matching_comments . ' spam comments found with this link.';


Escapes % (percent) and _ (underscore) characters, as they have special meaning in LIKE arguments.

Change Log

Source File

like_escape() is located in wp-includes/formatting.php.


See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.