get_users( array $args = array() ): array

Retrieves list of users matching criteria.

Description

See also

Parameters

$argsarrayoptional
Arguments to retrieve users. See WP_User_Query::prepare_query() for more information on accepted arguments.

Default:array()

Return

array List of users.

More Information

Return value is an array of IDs, stdClass objects, or WP_User objects, depending on the value of the ‘fields‘ parameter.

  • If ‘fields‘ is set to ‘all’ (default), or ‘all_with_meta’, it will return an array of WP_User objects.
  • If ‘fields‘ is set to an array of wp_users table fields, it will return an array of stdClass objects with only those fields.
  • If ‘fields‘ is set to any individual wp_users table field, an array of IDs will be returned.

Source

function get_users( $args = array() ) {

	$args                = wp_parse_args( $args );
	$args['count_total'] = false;

	$user_search = new WP_User_Query( $args );

	return (array) $user_search->get_results();
}

Changelog

VersionDescription
3.1.0Introduced.

User Contributed Notes

  1. Skip to note 8 content

    Please note that if you search by `meta_value` and it ends up being `”` (an empty string), the query, which is really a wrap over the `WP_User_Query` class and hence this applies to other functions as well, ends up forfeiting the check for the `meta_value` and simply downgrades to searching by `meta_key` only.

    Please be very careful when you have `meta_values` that are dynamic or that you can’t/don’t check for this exact case, if the list that you retrieve using this query is used for something important, you might end up with security holes.

    “User input should be parsed”. Yes, but, user input should not be immediately `esc_html`’d or the like, escape at output, sanitize before queries and now that we know this, check for validity — but here lies the problem, we, as well as some people who’ve been with WP for 10+ years didn’t know about this behavior. A `preg_match` fixes it all, yes, but only if your assumptions are updated with this knowledge.

    Additionally, this is not a case of “you just forgot to parse”, we parse everything that comes inside and had security audits on our core codebase pieces but just simply weren’t aware of this behavior and assumed we didn’t even need to parse.

    I’ve opened a ticket about it if you’re interested in a PoC and how it affected us specifically: https://core.trac.wordpress.org/ticket/49641

  2. Skip to note 9 content

    An example of fetching users that match any one of an array of roles using role__in.

    <?php
    $blogusers = get_users( array( 'role__in' => array( 'author', 'subscriber' ) ) );
    // Array of WP_User objects.
    foreach ( $blogusers as $user ) {
        echo '<span>' . esc_html( $user->display_name ) . '</span>';
    }
  3. Skip to note 10 content

    An example using the ‘search’ field.

    <?php
    $blogusers = get_users( array( 'search' => 'john' ) );
    // Array of WP_User objects.
    foreach ( $blogusers as $user ) {
    	echo '<span>' . esc_html( $user->user_email ) . '</span>';
    }

    This example will find and display all users that have a user name, ID, email of “john”. You can also do wild card search by adding an * before or after your search query. For example, to search for all users that start with “jo”, you would pass something like “jo*”.

    The results will be all users whose user names, IDs, or emails that start with “jo”. The * can be placed before or after your search query. When placed before, the results will be all users that end in your query.

You must log in before being able to contribute a note or feedback.