esc_sql

Escapes data for use in a MySQL query.

Description

(string|array) esc_sql( (string|array) $data );

Usually you should prepare queries using wpdb::prepare(…). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

Returns (string|array)

Escaped data

Parameters (1)

0. $data (string|array): Unescaped data

Usage

if ( !function_exists( 'esc_sql' ) ) { 
    require_once ABSPATH . WPINC . '/formatting.php'; 
} 
  
// Unescaped data 
$data = null; 
  
// NOTICE! Understand what this does before running. 
$result = esc_sql($data);

Defined (1)

The function is defined in the following location(s).

/wp-includes/formatting.php

function esc_sql( $data ) { 
    global $wpdb; 
    return $wpdb->_escape( $data ); 
}