W3cubDocs

/WordPress

wpdb::esc_like( string $text )

First half of escaping for LIKE special characters % and _ before preparing for MySQL.

Description

Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.

Example Prepared Statement:

$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );

Example Escape Chain:

$sql  = esc_sql( $wpdb->esc_like( $input ) );

Parameters

$text

(string) (Required) The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.

Return

(string) Text in the form of a LIKE phrase. The output is not SQL safe. Call wpdb::prepare() or wpdb::_real_escape() next.

Source

File: wp-includes/wp-db.php 

public function esc_like( $text ) {
		return addcslashes( $text, '_%\\' );
	}

Used By

Used By Description
wp-includes/post.php: wp_delete_attachment_files()

Deletes all files that belong to the given attachment.
wp-includes/option.php: delete_expired_transients()

Deletes all expired transients.
wp-includes/class-wp-term-query.php: WP_Term_Query::get_search_sql()

Used internally to generate a SQL string related to the ‘search’ parameter.
wp-includes/class-wp-term-query.php: WP_Term_Query::get_terms()

Get terms, based on query_vars.
wp-includes/class-wp-network-query.php: WP_Network_Query::get_search_sql()

Used internally to generate an SQL string for searching across multiple columns.
wp-includes/class-wp-site-query.php: WP_Site_Query::get_search_sql()

Used internally to generate an SQL string for searching across multiple columns.
wp-includes/class-wp-meta-query.php: WP_Meta_Query::get_sql_for_clause()

Generate SQL JOIN and WHERE clauses for a first-order query clause.
wp-admin/includes/network.php: network_domain_check()

Check for an existing network.
wp-admin/install.php: display_setup_form()

Display installer setup form.
wp-admin/includes/upgrade.php: maybe_create_table()

Creates a table in the database, if it doesn’t already exist.
wp-admin/includes/template.php: meta_form()

Prints the form in the Custom Fields meta box.
wp-admin/includes/class-wp-ms-sites-list-table.php: WP_MS_Sites_List_Table::prepare_items()

Prepares the list of sites for display.
wp-includes/class-wp-query.php: WP_Query::parse_search()

Generates SQL for the WHERE clause based on passed search terms.
wp-includes/class-wp-query.php: WP_Query::parse_search_order()

Generates SQL for the ORDER BY condition based on passed search terms.
wp-includes/functions.php: do_enclose()

Check content for video and audio links to add as enclosures.
wp-includes/class-wp-user-query.php: WP_User_Query::get_search_sql()

Used internally to generate an SQL string for searching across multiple columns
wp-includes/user.php: count_users()

Count number of users who have each of the user roles.
wp-includes/canonical.php: redirect_guess_404_permalink()

Attempts to guess the correct URL for a 404 request based on query vars.
wp-includes/ms-load.php: ms_not_installed()

Displays a failure message.
wp-includes/bookmark.php: get_bookmarks()

Retrieves the list of bookmarks
wp-includes/class-wp-comment-query.php: WP_Comment_Query::get_search_sql()

Used internally to generate an SQL string for searching across multiple columns

Changelog

Version Description
4.0.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wpdb/esc_like