W3cubDocs

/WordPress

wpdb::placeholder_escape()

Generates and returns a placeholder escape string for use in queries returned by ::prepare().

Return

(string) String to escape placeholders.

Source

public function placeholder_escape() {
		static $placeholder;

		if ( ! $placeholder ) {
			// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
			$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
			// Old WP installs may not have AUTH_SALT defined.
			$salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand();

			$placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}';
		}

		/*
		 * Add the filter to remove the placeholder escaper. Uses priority 0, so that anything
		 * else attached to this filter will receive the query with the placeholder string removed.
		 */
		if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) {
			add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 );
		}

		return $placeholder;
	}

Uses

Uses	Description
wp-includes/plugin.php: has_filter()	Check if any filter has been registered for a hook.
wp-includes/plugin.php: add_filter()	Hook a function or method to a specific filter action.

Used By

Used By	Description
wp-includes/wp-db.php: wpdb::add_placeholder_escape()	Adds a placeholder escape string, to escape anything that resembles a printf() placeholder.
wp-includes/wp-db.php: wpdb::remove_placeholder_escape()	Removes the placeholder escape strings from a query.

Changelog

Version	Description
4.8.3	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wpdb/placeholder_escape