Escape.php 1.04 KiB
    <?php
    
    
    namespace calderawp\CalderaFormsQuery;
    
    /**
     * Class Escape
     *
     * SQL Escape functions
     */
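    class Escape
    {

    	/**
    	 * Escape the LIKE wildcard characters in a search term.
    	 *
    	 * Copy of WPDB::esc_like(). Puts a backslash in front of every `%`, `_` and `\` in
    	 * $text so that MySQL matches them literally inside a LIKE pattern instead of
    	 * treating them as wildcards or as the escape character.
    	 *
    	 * This is only the first half of the escaping. Nothing else is touched: quotes and
    	 * other SQL metacharacters pass through unchanged, so the return value must never be
    	 * concatenated into a query as-is.
    	 *
    	 * Order matters. Call this BEFORE wpdb::prepare() or esc_sql(), never after. If the
    	 * SQL escaper runs first, the backslashes it inserted in front of quotes get a second
    	 * backslash added here, which cancels the quote escaping.
    	 *
    	 * Example prepared statement (wildcards are added by the caller, after escaping):
    	 *
    	 *     $wild = '%';
    	 *     $find = 'only 43% of planets';
    	 *     $like = $wild . Escape::like( $find ) . $wild;
    	 *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
    	 *
    	 * Example escape chain:
    	 *
    	 *     $sql  = esc_sql( Escape::like( $input ) );
    	 *
    	 * @param string $text The raw text to be escaped. The input typed by the user should have no
    	 *                     extra or deleted slashes.
    	 * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call $wpdb::prepare()
    	 *                or real_escape next.
    	 */
    	public static function like($text)
    	{
    		// The character list is exactly three characters: underscore, percent, backslash.
    		return addcslashes($text, '_%\\');
    	}
    }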