W3cubDocs

/WordPress

wpdb::esc_like( string $text ): string

First half of escaping for LIKE special characters % and _ before preparing for SQL.

Description

Use this only before wpdb::prepare() or esc_sql() . Reversing the order is very bad for security.

Example Prepared Statement:

$wild = '%';
$find = 'only 43% of planets';
$like = $wild . $wpdb->esc_like( $find ) . $wild;
$sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );

Example Escape Chain:

$sql  = esc_sql( $wpdb->esc_like( $input ) );

Parameters

$textstringrequired: The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.

Return

string Text in the form of a LIKE phrase. The output is not SQL safe.
Call wpdb::prepare() or wpdb::_real_escape() next.

Source

public function esc_like( $text ) {
	return addcslashes( $text, '_%\\' );
}

View all references View on Trac View on GitHub

Changelog

Version	Description
4.0.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wpdb/esc_like