Skip to content
Snippets Groups Projects
Escape.php 1.04 KiB
Newer Older
Josh Pollock's avatar
Josh Pollock committed
<?php


namespace calderawp\CalderaFormsQuery;

/**
 * Class Escape
 *
 * SQL Escape functions
 */
class Escape
{

	/**
	 * Copy of WPDB::esc_like()
	 *
	 * First half of escaping for LIKE special characters % and _ before preparing for MySQL.
	 *
	 * Use this only before wpdb::prepare() or esc_sql().  Reversing the order is very bad for security.
	 *
	 * Example Prepared Statement:
	 *
	 *     $wild = '%';
	 *     $find = 'only 43% of planets';
	 *     $like = $wild . $wpdb->esc_like( $find ) . $wild;
	 *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
	 *
	 * Example Escape Chain:
	 *
	 *     $sql  = esc_sql( $wpdb->esc_like( $input ) );
	 * @param string $text The raw text to be escaped. The input typed by the user should have no
	 *                     extra or deleted slashes.
	 * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call $wpdb::prepare()
	 *                or real_escape next.
	 */
Josh Pollock's avatar
Josh Pollock committed
	public static function like($text)
	{
		return addcslashes($text, '_%\\');
Josh Pollock's avatar
Josh Pollock committed
}