wpdb::_real_escape() WordPress Method
The wpdb::_real_escape() method is used to escape a string for use in a SQL query. This is useful when you need to make sure that a string is safe to use in a query, without having to worry about SQL injection attacks.
wpdb::_real_escape( string $string ) #
Real escape, using mysqli_real_escape_string() or mysql_real_escape_string().
Description
See also
Parameters
- $string
(string)(Required)String to escape.
Return
(string) Escaped string.
Source
File: wp-includes/wp-db.php
public function _real_escape( $string ) {
if ( ! is_scalar( $string ) ) {
return '';
}
if ( $this->dbh ) {
if ( $this->use_mysqli ) {
$escaped = mysqli_real_escape_string( $this->dbh, $string );
} else {
$escaped = mysql_real_escape_string( $string, $this->dbh );
}
} else {
$class = get_class( $this );
wp_load_translations_early();
/* translators: %s: Database access abstraction class, usually wpdb or a class extending wpdb. */
_doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' );
$escaped = addslashes( $string );
}
return $this->add_placeholder_escape( $escaped );
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 2.8.0 | Introduced. |