sanitize_sql_orderby( string $orderby ): string|false
Ensures a string is a valid SQL ‘order by’ clause.
Description
Accepts one or more columns, with or without a sort order (ASC / DESC).
e.g. ‘column_1’, ‘column_1, column_2’, ‘column_1 ASC, column_2 DESC’ etc.
Also accepts ‘RAND()’.
Parameters
-
$orderby
string Required -
Order by clause to be validated.
Return
string|false Returns $orderby if valid, false otherwise.
Source
File: wp-includes/formatting.php
.
View all references
function sanitize_sql_orderby( $orderby ) {
if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
return $orderby;
}
return false;
}
Changelog
Version | Description |
---|---|
2.5.1 | Introduced. |
User Contributed Notes
-
Skip to note 1 content You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note