esc_sql ( $data )

  • (string|array) data Unescaped data.
  • (string|array) Escaped data, in the same type as supplied.
Defined at:


Escapes data for use in a MySQL query.Usually you should prepare queries using wpdb::prepare(). Sometimes, spot-escaping is required or useful. One example is preparing an array for use in an IN clause. NOTE: Since 4.8.3, '%' characters will be replaced with a placeholder string, this prevents certain SQLi attacks from taking place. This change in behavior may cause issues for code that expects the return value of esc_sql() to be usable for other purposes.

Related Functions

esc_js, esc_url, esc_xml, esc_html, is_ssl

Top Google Results

User discussions

wpseek mobile