wpdb::placeholder_escape() WordPress Method
The wpdb::placeholder_escape() method is used to escape a placeholder for a parameter in a SQL query. Placeholders are used to substitute values in a query, and are typically used when preparing a SQL statement for execution. This method takes a string containing a placeholder and escapes it for use in a SQL query.
wpdb::placeholder_escape() #
Generates and returns a placeholder escape string for use in queries returned by ::prepare().
Return
(string) String to escape placeholders.
Source
File: wp-includes/wp-db.php
public function placeholder_escape() {
static $placeholder;
if ( ! $placeholder ) {
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
// Old WP installs may not have AUTH_SALT defined.
$salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand();
$placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}';
}
/*
* Add the filter to remove the placeholder escaper. Uses priority 0, so that anything
* else attached to this filter will receive the query with the placeholder string removed.
*/
if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) {
add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 );
}
return $placeholder;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 4.8.3 | Introduced. |