WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wpdb::placeholder_escape()

wpdb::placeholder_escape(): string

In this article

Back to top

Generates and returns a placeholder escape string for use in queries returned by ::prepare().

Return

string String to escape placeholders.

Source

public function placeholder_escape() {
	static $placeholder;

	if ( ! $placeholder ) {
		// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
		$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
		// Old WP installs may not have AUTH_SALT defined.
		$salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand();

		$placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}';
	}

	/*
	 * Add the filter to remove the placeholder escaper. Uses priority 0, so that anything
	 * else attached to this filter will receive the query with the placeholder string removed.
	 */
	if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) {
		add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 );
	}

	return $placeholder;
}

View all references View on Trac View on GitHub

UsesDescription
has_filter()wp-includes/plugin.php

Checks if any filter has been registered for a hook.

add_filter()wp-includes/plugin.php

Adds a callback function to a filter hook.

Used byDescription
WP_Query::generate_cache_key()wp-includes/class-wp-query.php

Generates cache key.

wpdb::add_placeholder_escape()wp-includes/class-wpdb.php

Adds a placeholder escape string, to escape anything that resembles a printf() placeholder.

wpdb::remove_placeholder_escape()wp-includes/class-wpdb.php

Removes the placeholder escape strings from a query.

Changelog

VersionDescription
4.8.3Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.