A WordPress-centric search engine for devs and theme authors



sanitize_sql_orderby ›

Since2.5.1
Deprecatedn/a
sanitize_sql_orderby ( $orderby )
Parameters:
  • (string) $orderby Order by clause to be validated.
    Required: Yes
Returns:
  • (string|false) Returns $orderby if valid, false otherwise.
Defined at:
Codex:

Ensures a string is a valid SQL 'order by' clause.

Accepts one or more columns, with or without a sort order (ASC / DESC). e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.

Also accepts 'RAND()'.



Source

function sanitize_sql_orderby( $orderby ) {
	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
		return $orderby;
	}
	return false;
}