Function Reference/sanitize sql orderby

Description

Ensures a string is a valid SQL order by clause.

Accepts one or more columns, with or without ASC/DESC, and also accepts RAND().

Usage

<?php sanitize_sql_orderby( $orderby ); ?>

Parameters

$orderby
(string) (required) Order by string to be checked.
Default: None

Return Values

(string | boolean) 
Returns the order by clause if it is a match, false otherwise.

Examples

<?php

/* These will return the same string as passed in, because they pass sanitization */
sanitize_sql_orderby( "title" );
sanitize_sql_orderby( "title ASC" );
sanitize_sql_orderby( "title DESC" );
sanitize_sql_orderby( "title DESC, slug ASC" );
sanitize_sql_orderby( "`title` DESC, `slug` ASC" );

/* This will return false: */
sanitize_sql_orderby( "WHERE 1=1" );
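
Because the function returns either the original string or boolean false, callers need a strict check and a fallback before the value goes anywhere near a query. The following is an added example, not code from the Codex page or from WordPress core: demo_order_clause() is a hypothetical helper, the sample inputs are constructed, and the stand-in definition only approximates the documented behaviour so the file also runs outside WordPress.

```php
<?php
// Stand-in so this file also runs outside WordPress. It approximates the
// documented behaviour (one or more columns, optional ASC/DESC, or RAND());
// it is an assumption for this demo, not WordPress's source.
if ( ! function_exists( 'sanitize_sql_orderby' ) ) {
	function sanitize_sql_orderby( $orderby ) {
		$col  = '(?:[a-z0-9_]+|`[a-z0-9_]+`)(?:\s+(?:ASC|DESC))?';
		$list = '/^\s*' . $col . '(?:\s*,\s*' . $col . ')*\s*$/i';
		if ( preg_match( $list, $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
			return $orderby;
		}
		return false;
	}
}

/**
 * Hypothetical helper: build an ORDER BY fragment from untrusted input,
 * falling back to a fixed default when the input is rejected.
 */
function demo_order_clause( $raw, $default = 'title ASC' ) {
	$clean = sanitize_sql_orderby( $raw );
	// Strict comparison: the return value is the string itself or boolean false.
	if ( false === $clean ) {
		$clean = $default;
	}
	return ' ORDER BY ' . $clean;
}

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = array(
	'title DESC, slug ASC', // accepted
	'RAND()',               // accepted
	'WHERE 1=1',            // rejected, default used
	'title DESC LIMIT 1',   // rejected, default used
);
foreach ( $samples as $raw ) {
	printf( "%-24s =>%s\n", $raw, demo_order_clause( $raw ) );
}
```

The check is syntactic only: an accepted string can still name a column that does not exist in the table being queried, so compare column names against a fixed list when the set of sortable columns is known.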

Notes

Change Log

Since: 2.5.1

Source File

sanitize_sql_orderby() is located in /wp-includes/formatting.php.

Related

Functions

sanitize_sql_orderby() belongs to a class of functions that sanitize potentially unsafe data: you pass in an arbitrary variable and receive a clean version based on the data type. Others include:

Filters