esc_url_raw( string $url, string[] $protocols = null )

Performs esc_url() for database usage.


Parameters Parameters

$url

(string) (Required) The URL to be cleaned.

$protocols

(string[]) (Optional) An array of acceptable protocols. Defaults to return value of wp_allowed_protocols().

Default value: null


Top ↑

Return Return

(string) The cleaned URL.


Top ↑

More Information More Information

The esc_url_raw() function is similar to esc_url() (and actually uses it), but unlike esc_url() it does not replace entities for display. The resulting URL is safe to use in database queries, redirects and HTTP requests.

This function is not safe to use for displaying the URL, use esc_url() instead.


Top ↑

Source Source

File: wp-includes/formatting.php

function esc_url_raw( $url, $protocols = null ) {
	return esc_url( $url, $protocols, 'db' );
}


Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    Contributed by Codex

    Right and Wrong usage

    <!-- Right -->
    $url = 'http://wordpress.org';
    $response = wp_remote_get( esc_url_raw( $url ) ); // no need to escape entities
    
    if ( ! is_wp_error( $response ) ) {
    	echo wp_remote_retrieve_body( $response );
    }
    
    <!-- Wrong! Use esc_url instead! -->
    <img src="<?php echo esc_url_raw( $url ); ?>" />
    <a href="<?php echo esc_url_raw( $url ); ?>">WordPress</a>
    

You must log in before being able to contribute a note or feedback.