Home

sanitize_sql_orderby

February 12, 2011 by Thorsten 0 Comments

Definition:
function sanitize_sql_orderby( $orderby ){

Ensures a string is a valid SQL order by clause.
Accepts one or more columns, with or without ASC/DESC, and also accepts RAND().

Parameters

  • string $orderby: Order by string to be checked.

Return values

returns:Returns the order by clause if it is a match, false otherwise.

Source code

function sanitize_sql_orderby( $orderby ){

	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);

	if ( !$obmatches )

		return false;

	return $orderby;

}

2783

/wp-includes/formatting.php, Documentation, Files, Functions, Functions by letter s
,

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: