Ensures a string is a valid SQL ORDER BY clause.
Accepts one or more columns, with or without ASC/DESC, and also accepts RAND().
<?php sanitize_sql_orderby( $orderby ); ?>
<?php
/* These will return the same string as passed in, because they pass sanitization */
sanitize_sql_orderby( "title" );
sanitize_sql_orderby( "title ASC" );
sanitize_sql_orderby( "title DESC" );
sanitize_sql_orderby( "title DESC, slug ASC" );
sanitize_sql_orderby( "`title` DESC, `slug` ASC" );

/* This will return false: */
sanitize_sql_orderby( "WHERE 1=1" );
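The function checks only that the string has the shape of an ORDER BY clause. It does not check that the named columns are ones you intend to expose. The following added example (not from the original page or from WordPress itself) handles the false return and adds a column allowlist before building a query. It assumes it runs inside WordPress; the myplugin_* function names and the allowlist are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded, so $wpdb and
// sanitize_sql_orderby() exist. The myplugin_* names are hypothetical.

/**
 * Return a validated ORDER BY clause for the posts table, or a default.
 */
function myplugin_safe_orderby( $raw, $default = 'post_date DESC' ) {
	// Hypothetical allowlist of columns this plugin permits sorting on.
	$allowed = array( 'id', 'post_title', 'post_date' );

	// Step 1: syntax check. Returns the string unchanged, or false.
	$clause = sanitize_sql_orderby( $raw );
	if ( false === $clause ) {
		return $default;
	}

	// Step 2: the syntax check accepts any identifier-like column name
	// (and RAND()), so confirm every column is one we expect.
	foreach ( explode( ',', $clause ) as $part ) {
		$tokens = preg_split( '/\s+/', trim( $part ) );
		$column = strtolower( trim( $tokens[0], '`' ) );
		if ( ! in_array( $column, $allowed, true ) ) {
			return $default; // also rejects RAND(), which is not listed
		}
	}
	return $clause;
}

function myplugin_list_posts( $raw_orderby, $limit = 10 ) {
	global $wpdb;
	$orderby = myplugin_safe_orderby( $raw_orderby );

	// Values go through prepare(). An ORDER BY clause cannot be passed
	// as a placeholder, which is why it is validated separately above.
	$sql = $wpdb->prepare(
		"SELECT ID, post_title FROM {$wpdb->posts}
		 WHERE post_status = %s ORDER BY {$orderby} LIMIT %d",
		'publish',
		$limit
	);
	return $wpdb->get_results( $sql );
}
```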
Since: 2.5.1
sanitize_sql_orderby() is located in /wp-includes/formatting.php.
sanitize_sql_orderby() belongs to a class of functions that help you sanitize potentially unsafe data: you pass an arbitrary variable and receive a clean version based on its data type. Others include: