<?php namespace calderawp\CalderaFormsQuery; /** * Class Escape * * SQL Escape functions */ class Escape { /** * Copy of WPDB::esc_like() * * First half of escaping for LIKE special characters % and _ before preparing for MySQL. * * Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security. * * Example Prepared Statement: * * $wild = '%'; * $find = 'only 43% of planets'; * $like = $wild . $wpdb->esc_like( $find ) . $wild; * $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like ); * * Example Escape Chain: * * $sql = esc_sql( $wpdb->esc_like( $input ) ); * @param string $text The raw text to be escaped. The input typed by the user should have no * extra or deleted slashes. * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call $wpdb::prepare() * or real_escape next. */ public static function like($text) { return addcslashes($text, '_%\\'); } }