esc_sql( string|array $data )

Escapes data for use in a MySQL query.

Description

Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause.

Parameters

$data

(string|array)

(Required)

Unescaped data

Return

(string|array) Escaped data

Source

File: wp-includes/formatting.php

function esc_sql( $data ) {
	global $wpdb;
	return $wpdb->_escape( $data );
}

Changelog

Version

Description

2.8.0

Introduced.

Related

Uses

wp-includes/wp-db.php:

wpdb::_escape()

Used By

wp-includes/class-wp-user-query.php:

WP_User_Query::parse_orderby()

wp-includes/class-wp-comment-query.php:

WP_Comment_Query::parse_orderby()

wp-includes/date.php:

WP_Date_Query::get_sql_for_clause()

wp-includes/class-wp-query.php:

WP_Query::get_posts()

wp-includes/class-wp-tax-query.php:

WP_Tax_Query::transform_query()

wp-includes/taxonomy.php:

_pad_term_counts()

wp-includes/taxonomy.php:

_update_post_term_count()

wp-includes/date.php:

WP_Date_Query::__construct()

wp-includes/post.php:

get_page_by_path()

wp-includes/post.php:

get_page_by_title()


User Contributed Notes


Contributed by J.D. Grimes

It should be noted that this function will only escape values to be used in strings in the query. That is, it only provides escaping for values that will be within quotes in the SQL (as in field = '{$escaped_value}'). If your value is not going to be within quotes, your code will still be vulnerable to SQL injection. For example, this is vulnerable, because the escaped value is not surrounded by quotes in the SQL query: ORDER BY {$escaped_value}. As such, this function does not escape unquoted numeric values, field names, or SQL keywords.

Basic Example

<?php
$name   = esc_sql( $name );
$status = esc_sql( $status );

// Both escaped values sit inside single quotes in the query string.
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
?>
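The two points made on this page (spot-escaping an array for an IN clause, and the limits of esc_sql() outside quotes) combined in one query, as an added example that is not part of the original page or of WordPress core. The function name myplugin_find_posts, the column allow-list and the limit bounds are assumptions made for illustration, and the code must run inside WordPress so that $wpdb and esc_sql() exist.

```php
<?php
// Added example: hypothetical helper, assumed to run inside WordPress
// (for instance from a plugin), where $wpdb and esc_sql() are loaded.
function myplugin_find_posts( array $statuses, $orderby, $order, $limit ) {
	global $wpdb;

	if ( empty( $statuses ) ) {
		return array(); // "IN ()" is a SQL syntax error, so stop early.
	}

	// Quoted context: esc_sql() accepts an array and escapes each element.
	// Every escaped value is wrapped in single quotes before joining.
	$escaped = esc_sql( array_map( 'strval', array_values( $statuses ) ) );
	$in_list = "'" . implode( "', '", $escaped ) . "'";

	// Unquoted identifier: escaping cannot protect it, so map the request
	// onto a fixed allow-list of column names (assumed set for this example).
	$columns = array(
		'date'  => 'post_date',
		'title' => 'post_title',
		'id'    => 'ID',
	);
	$column = ( is_string( $orderby ) && isset( $columns[ $orderby ] ) ) ? $columns[ $orderby ] : 'post_date';

	// Unquoted SQL keyword: only two literal values can reach the query.
	$direction = ( is_string( $order ) && 'ASC' === strtoupper( $order ) ) ? 'ASC' : 'DESC';

	// Unquoted number: cast to int and clamp (bounds are assumed).
	$limit = max( 1, min( 100, (int) $limit ) );

	return $wpdb->get_results(
		"SELECT ID, post_title, post_status
		 FROM {$wpdb->posts}
		 WHERE post_status IN ( {$in_list} )
		 ORDER BY {$column} {$direction}
		 LIMIT {$limit}"
	);
}

// Constructed sample input: a status containing a quote, and an orderby
// value that is not in the allow-list and therefore falls back to post_date.
$rows = myplugin_find_posts( array( 'publish', "dra'ft" ), 'not_a_column', 'asc', '10' );
```

Only the IN list relies on esc_sql(); the column name, sort direction and limit never carry request data into the SQL text, because each is replaced by a value chosen in code.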
