function sanitize_sql_orderby( $orderby ){

Ensures a string is a valid SQL order by clause.
Accepts one or more columns, with or without ASC/DESC, and also accepts RAND().


  • string $orderby: Order by string to be checked.

Return values

returns: Returns the order by clause if it is a match, false otherwise.

Source code

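function sanitize_sql_orderby( $orderby ){
	// Match a comma-separated list of columns (each optionally followed by ASC/DESC), or RAND().
	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
	// No match: reject the value.
	if ( !$obmatches )
		return false;
	return $orderby;
}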
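The following stand-alone PHP script is an added example, not part of WordPress or of the original page. It runs the pattern shown above next to a hypothetical, fully anchored variant (the function names and the stricter pattern are assumptions) over constructed inputs. Because the column-list alternative of the pattern above has no closing `$`, a string that starts with a valid column and a comma is returned unchanged, remainder included.

```php
<?php
// Added example: stand-alone script, not WordPress code.
// Both function names are hypothetical.

// Same pattern and logic as the function shown on this page.
function orderby_as_on_page( $orderby ) {
	preg_match( '/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches );
	return $obmatches ? $orderby : false;
}

// Assumed stricter variant: the column-list alternative ends with $,
// and a comma must be followed by another column name.
function orderby_fully_anchored( $orderby ) {
	$pattern = '/^\s*([a-z0-9_]+(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_])|$))+$|^\s*RAND\(\s*\)\s*$/i';
	return preg_match( $pattern, $orderby ) === 1 ? $orderby : false;
}

// Constructed sample inputs.
$samples = array(
	'post_date',
	'post_date DESC, post_title asc',
	'RAND()',
	'post_date;',                // character outside the allowed set
	'post_date,',                // trailing comma
	'post_date, (not a column)', // valid prefix, unvalidated remainder
);

// Print which check accepts each input.
foreach ( $samples as $s ) {
	printf(
		"%-30s on-page: %-9s anchored: %s\n",
		'"' . $s . '"',
		orderby_as_on_page( $s ) === false ? 'false' : 'accepted',
		orderby_fully_anchored( $s ) === false ? 'false' : 'accepted'
	);
}
```

When either check returns false, fall back to a fixed default ordering instead of passing the input on to the query.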


