Title: sanitize_sql_orderby
Published: April 25, 2014
Last modified: February 24, 2026

---

# sanitize_sql_orderby( string $orderby ): string|false


Ensures a string is a valid SQL ‘order by’ clause.

## Description

Accepts one or more columns, with or without a sort order (ASC / DESC), e.g. ‘column_1’, ‘column_1, column_2’, ‘column_1 ASC, column_2 DESC’ etc.

Also accepts ‘RAND()’.

## Parameters

`$orderby` (string, required)

Order by clause to be validated.

## Return

`string|false` Returns `$orderby` if valid, false otherwise.

## Source

```php
function sanitize_sql_orderby( $orderby ) {
	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
		return $orderby;
	}
	return false;
}
```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/formatting.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/formatting.php#L2412)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/formatting.php#L2412-L2417)
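
The following is an added example, not WordPress core code and not part of the original page. It runs constructed inputs through the validator to show that it checks syntax only, and shows one way to handle the `false` return; `example_order_clause()`, the allowlist and all sample values are hypothetical.

```php
<?php
// Added example, not WordPress core code. Outside WordPress, fall back to the
// function body shown in the Source section so the script runs stand-alone.
if ( ! function_exists( 'sanitize_sql_orderby' ) ) {
	function sanitize_sql_orderby( $orderby ) {
		if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
			return $orderby;
		}
		return false;
	}
}

// Hypothetical helper: allowlist the column, pin the direction, then validate.
function example_order_clause( $orderby, $order, array $allowed, $default ) {
	// Strict in_array() also sends non-string input (e.g. an array) to the default.
	$column    = in_array( $orderby, $allowed, true ) ? $orderby : $default;
	$direction = ( is_string( $order ) && 'DESC' === strtoupper( $order ) ) ? 'DESC' : 'ASC';
	$clause    = sanitize_sql_orderby( "{$column} {$direction}" );
	// false must never be interpolated: it casts to '' and leaves a bare "ORDER BY".
	return false === $clause ? '' : "ORDER BY {$clause}";
}

// Constructed inputs for the validator on its own.
$samples = array(
	'post_date DESC',        // column plus direction
	'`post_date` desc, ID',  // backticks, lowercase direction, second column
	' RAND( ) ',             // handled by the second pattern
	'no_such_column',        // well-formed name; column existence is not checked
	'post_date,',            // trailing comma
	'p.post_date',           // table-qualified name
	'LENGTH(post_title)',    // function call other than RAND()
	'post_date -- note',     // comment marker
	'',                      // empty string
);
foreach ( $samples as $s ) {
	$ok = false !== sanitize_sql_orderby( $s );
	printf( "%-24s => %s\n", var_export( $s, true ), $ok ? 'accepted' : 'false' );
}

// Constructed allowlist and request values for the helper.
$allowed = array( 'download_log_id', 'timestamp', 'user_id' );
echo example_order_clause( 'timestamp', 'desc', $allowed, 'download_log_id' ), "\n";
echo example_order_clause( 'unknown_col', 'desc', $allowed, 'download_log_id' ), "\n";
echo example_order_clause( 'user_id', array( 'x' ), $allowed, 'download_log_id' ), "\n";
```

Because any well-formed identifier passes, the allowlist is what restricts sorting to intended columns; the validator is a second check on the assembled clause.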

## Changelog

| Version | Description |
| --- | --- |
| [2.5.1](https://developer.wordpress.org/reference/since/2.5.1/) | Introduced. |

## User Contributed Notes

[1naveengiri](https://profiles.wordpress.org/1naveengiri/), [4 years ago](https://developer.wordpress.org/reference/functions/sanitize_sql_orderby/#comment-5925):

```php
<?php
//code copied from Woocommerce code base shows a perfect use of this function.
$orderby           = in_array( $args['orderby'], $allowed_orders, true ) ? $args['orderby'] : 'download_log_id';
$order             = 'DESC' === strtoupper( $args['order'] ) ? 'DESC' : 'ASC';
$orderby_sql       = sanitize_sql_orderby( "{$orderby} {$order}" );
$query[]           = "ORDER BY {$orderby_sql}";
$raw_download_logs = $wpdb->get_results( implode( ' ', $query ) );
?>
```
