esc_sql

Escapes data for use in a MySQL query.

Description

(string|array) esc_sql( (string|array) $data ); 

Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

Returns (string|array)

Escaped data

Parameters (1)

0. $data (string|array)
Unescaped data

Usage

  1. if ( !function_exists( 'esc_sql' ) ) { 
  2. require_once ABSPATH . WPINC . '/formatting.php'; 
  3.  
  4. // Unescaped data 
  5. $data = null; 
  6.  
  7. // NOTICE! Understand what this does before running. 
  8. $result = esc_sql($data); 
  9.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/formatting.php  
  1. function esc_sql( $data ) { 
  2. global $wpdb; 
  3. return $wpdb->_escape( $data );