esc_url_raw( string $url, string[] $protocols = null )

Performs esc_url() for database or redirect usage.

Contents

Description

Top ↑

See also

Top ↑

Parameters

$url

(string) (Required) The URL to be cleaned.

$protocols

(string[]) (Optional) An array of acceptable protocols. Defaults to return value of wp_allowed_protocols().

Default value: null

Top ↑

Return

(string) The cleaned URL after esc_url() is run with the 'db' context.

Top ↑

More Information

The esc_url_raw() function is similar to esc_url() (and actually uses it), but unlike esc_url() it does not replace entities for display. The resulting URL is safe to use in database queries, redirects and HTTP requests.

This function is not safe to use for displaying the URL, use esc_url() instead.

Top ↑

Source

File: wp-includes/formatting.php 

function esc_url_raw( $url, $protocols = null ) {
	return esc_url( $url, $protocols, 'db' );
}

Expand full source code Collapse full source code View on Trac View on GitHub

Top ↑

Top ↑

Used By

Used By
Used By Description
wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php: WP_REST_Menu_Items_Controller::get_item_schema()

Retrieves the term’s schema, conforming to JSON Schema.
wp-includes/script-loader.php: wp_default_packages_inline_scripts()

Adds inline scripts required for the WordPress JavaScript packages.
wp-includes/user.php: _wp_privacy_send_request_confirmation_notification()

Notifies the site administrator via email when a request is confirmed.
wp-includes/user.php: _wp_privacy_send_erasure_fulfillment_notification()

Notifies the user when their erasure request is fulfilled.
wp-includes/user.php: wp_send_user_request()

Send a confirmation request email to confirm an action.
wp-admin/includes/privacy-tools.php: wp_privacy_send_personal_data_export_email()

Send an email to the user with a link to the personal data export file
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::_sanitize_external_header_video()

Callback for sanitizing the external_header_video value.
wp-includes/rest-api.php: rest_sanitize_value_from_schema()

Sanitize a value based on a schema.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::_sanitize_background_setting()

Callback for validating a background setting value.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::_validate_external_header_video()

Callback for validating the external_header_video value.
wp-includes/theme.php: get_header_video_url()

Retrieves header video URL for custom header.
wp-includes/rest-api.php: rest_send_cors_headers()

Sends Cross-Origin Resource Sharing headers with API requests.
wp-includes/rest-api.php: rest_output_link_header()

Sends a Link header for the REST API.
wp-includes/embed.php: get_post_embed_url()

Retrieves the URL to embed a specific post in an iframe.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::set_return_url()

Sets URL to link the user to when closing the Customizer.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::customize_pane_settings()

Prints JavaScript settings for parent window.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::set_preview_url()

Sets the initial URL to be previewed.
wp-includes/rest-api/class-wp-rest-server.php: WP_REST_Server::serve_request()

Handles serving a REST API request.
wp-includes/customize/class-wp-customize-nav-menu-item-setting.php: WP_Customize_Nav_Menu_Item_Setting::sanitize()

Sanitize an input.
wp-includes/theme.php: get_editor_stylesheets()

Retrieves any registered editor stylesheet URLs.
wp-login.php: login_footer()

Outputs the footer for the login page.
wp-admin/includes/theme.php: wp_prepare_themes_for_js()

Prepares themes for JavaScript.
wp-admin/includes/export.php: export_wp()

Generates the WXR export file for download.
wp-admin/includes/user.php: edit_user()

Edit user settings based on contents of $_POST
wp-admin/includes/media.php: wp_media_upload_handler()

Handles the process of uploading media.
wp-admin/includes/post.php: edit_post()

Updates an existing post with values provided in $_POST.
wp-admin/includes/ajax-actions.php: wp_ajax_send_link_to_editor()

Ajax handler for sending a link to the editor.
wp-admin/includes/ajax-actions.php: _wp_ajax_delete_comment_response()

Sends back current comment total and new page links if they need to be updated.
wp-admin/includes/class-custom-image-header.php: Custom_Image_Header::set_header_image()

Choose a header image, selected from existing uploaded and default headers, or provide an array of uploaded header data (either new, or from media library).
wp-admin/includes/class-custom-background.php: Custom_Background::wp_set_background_image()
wp-admin/includes/class-custom-background.php: Custom_Background::handle_upload()

Handle an Image upload for the background image.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::customize_preview_settings()

Prints JavaScript settings for preview frame.
wp-includes/theme.php: _custom_background_cb()

Default custom background callback.
wp-includes/theme.php: get_header_image()

Retrieves header image for custom header.
wp-includes/theme.php: get_uploaded_header_images()

Gets the header images uploaded for the active theme.
wp-includes/formatting.php: get_url_in_content()

Extracts and returns the first URL from passed content.
wp-includes/formatting.php: sanitize_option()

Sanitizes various option values based on the nature of the option.
wp-includes/general-template.php: get_the_generator()

Creates the generator XML or Comment for RSS, ATOM, etc.
wp-includes/formatting.php: sanitize_url()

Performs esc_url() for database or redirect usage.
wp-includes/class-wp-theme.php: WP_Theme::sanitize_header()

Sanitizes a theme header.
wp-includes/widgets.php: wp_widget_rss_process()

Process RSS feed widget data and optionally retrieve feed items.
wp-includes/link-template.php: get_pagenum_link()

Retrieves the link for a page number.
wp-includes/update.php: wp_update_plugins()

Checks for available updates to plugins based on the latest versions hosted on WordPress.org.
wp-includes/ms-deprecated.php: get_blogaddress_by_domain()

Get a full blog URL, given a domain and a path.
wp-includes/nav-menu.php: wp_update_nav_menu_item()

Saves the properties of a menu item or create a new one.
wp-includes/script-loader.php: wp_default_scripts()

Registers all WordPress scripts.
Show 41 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 3You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Right and Wrong usage

    <!-- Right -->
$url = 'http://wordpress.org';
$response = wp_remote_get( esc_url_raw( $url ) ); // no need to escape entities

if ( ! is_wp_error( $response ) ) {
	echo wp_remote_retrieve_body( $response );
}

    <!-- Wrong! Use esc_url instead! -->
<img src="<?php echo esc_url_raw( $url ); ?>" />
<a href="<?php echo esc_url_raw( $url ); ?>">WordPress</a>

You must log in before being able to contribute a note or feedback.