WordPress.org

Description

The esc_url_raw() function is similar to esc_url() (and actually uses it), but unlike esc_url() it does not replace entities for display. The resulting URL is safe to use in database queries, redirects and HTTP requests.

This function is not safe to use for displaying the URL, use esc_url() instead.

Usage

<?php esc_url_raw( $url, $protocols ); ?>

Parameters

$url

(string) (required) The URL to be cleaned.

Default: None

$protocols

(array) (optional) An array of acceptable protocols. Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.

Default: null

Return Values

(string) 

The cleaned $url after the 'clean_url' filter is applied. An empty string is returned if $url specifies a protocol other than those in $protocols, or if $url contains an empty string.

Examples


<!-- Right -->
<?php
    $url = 'http://wordpress.org';
    $response = wp_remote_get( esc_url_raw( $url ) ); // no need to escape entities
    if ( !is_wp_error( $response ) ) {
        echo wp_remote_retrieve_body( $response );
    }
?>

<!-- Wrong! Use esc_url instead! -->
<img src='<?php echo esc_url_raw( $url ); ?>' />
<a href='<?php echo esc_url_raw( $url ); ?>'>WordPress</a>


Notes

Changelog

• Since: 2.8

Source File

esc_url_raw() is located in wp-includes/formatting.php.

Related

See: Data Validation article for an in-depth discussion of input and output sanitization.

• esc_html()
  • esc_html__()
  • esc_html_e()
• esc_attr()
  • esc_attr__()
  • esc_attr_e()
• esc_js()
• esc_sql()
• esc_textarea()
• esc_url()
  • esc_url_raw()
  • urlencode()
  • urlencode_deep()