Advertisements

sanitize_sql_orderby

Definition:
function sanitize_sql_orderby( $orderby ){

Ensures a string is a valid SQL order by clause.
Accepts one or more columns, with or without ASC/DESC, and also accepts RAND().

Parameters

  • string $orderby: Order by string to be checked.

Return values

returns:Returns the order by clause if it is a match, false otherwise.

Source code

function sanitize_sql_orderby( $orderby ){

	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);

	if ( !$obmatches )

		return false;

	return $orderby;

}

2783

Advertisements

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: