PHP like_escape函數代碼示例

 function get_sql()
 {
     global $wpdb;
     if (empty($this->queries)) {
         return array('join' => '', 'where' => '');
     }
     $context_table = MainWP_WP_Stream_DB::$table_context;
     $main_table = MainWP_WP_Stream_DB::$table;
     $meta_id_column = 'meta_id';
     $join = array();
     $where = array();
     $queries = $this->queries;
     $meta_query = new WP_Meta_Query();
     foreach ($queries as $i => $query) {
         foreach ($query as $key => $args) {
             $type = $meta_query->get_cast_for_type(isset($args['type']) ? $args['type'] : '');
             $value = isset($args['value']) ? $args['value'] : null;
             // Allow 'context' => array('val1', 'val2') as well
             if (is_null($value)) {
                 $args = array('value' => $args);
                 $value = $args['value'];
             }
             if (isset($args['compare'])) {
                 $compare = strtoupper($args['compare']);
             } else {
                 $compare = is_array($value) ? 'IN' : '=';
             }
             $operators = array('=', '!=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', 'REGEXP', 'NOT REGEXP', 'RLIKE');
             if (!in_array($compare, $operators)) {
                 $compare = '=';
             }
             if ('IN' === substr($compare, -2)) {
                 if (!is_array($value)) {
                     $value = preg_split('/[,\\s]+/', $value);
                 }
                 $compare_string = '(' . substr(str_repeat(',%s', count($value)), 1) . ')';
             } elseif ('LIKE' === substr($compare, -4)) {
                 $value = '%' . like_escape($value) . '%';
                 $compare_string = '%s';
             } else {
                 $compare_string = '%s';
             }
             if (!empty($where[$i])) {
                 $where[$i] .= ' AND ';
             } else {
                 $where[$i] = '';
             }
             $where[$i] = ' (' . $where[$i] . $wpdb->prepare("CAST({$context_table}.{$key} AS {$type}) {$compare} {$compare_string})", $value);
         }
     }
     $where = array_filter($where);
     if (empty($where)) {
         $where = '';
     } else {
         $where = ' AND (' . implode("\n{$this->relation} ", $where) . ' )';
     }
     $join = implode("\n", $join);
     return apply_filters_ref_array('get_context_sql', array(compact('join', 'where'), $this->queries));
 }

 function prepare_items()
 {
     global $frmdb, $wpdb, $per_page, $frm_settings, $frm_form, $frm_app_helper;
     $paged = $this->get_pagenum();
     $default_orderby = 'name';
     $default_order = 'ASC';
     $orderby = isset($_REQUEST['orderby']) ? $_REQUEST['orderby'] : $default_orderby;
     $order = isset($_REQUEST['order']) ? $_REQUEST['order'] : $default_order;
     $page = $this->get_pagenum();
     $default_count = empty($this->page_name) ? 20 : 10;
     $per_page = $this->get_items_per_page('formidable_page_formidable' . str_replace('-', '_', $this->page_name) . '_per_page', $default_count);
     $start = isset($_REQUEST['start']) ? $_REQUEST['start'] : ($page - 1) * $per_page;
     $s = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
     $fid = isset($_REQUEST['fid']) ? $_REQUEST['fid'] : '';
     if ($s != '') {
         $s = stripslashes($s);
         preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
         $search_terms = array_map('_search_terms_tidy', $matches[0]);
     }
     $s_query = " (status is NULL OR status = '' OR status = 'published') AND default_template=0 AND is_template = " . (int) $this->params['template'];
     if ($s != '') {
         foreach ((array) $search_terms as $term) {
             $term = esc_sql(like_escape($term));
             if (!empty($s_query)) {
                 $s_query .= " AND";
             }
             $s_query .= " (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%')";
             unset($term);
         }
     }
     $this->items = $frm_form->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
     $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);
     $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
 }

 protected function __format_search()
 {
     $this->s_query = explode("-", $this->options['s_query']);
     $this->s_query = implode(" ", $this->s_query);
     $this->s_query = '%' . like_escape(esc_sql($this->s_query)) . '%';
     // Thanks Manny Fleurmond
 }

function sf_acf_check_args_for_checkboxes($args)
{
    if (!isset($args['meta_query'])) {
        return $args;
    }
    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if ($is_checkbox['add_this']) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }
    $where_meta = array();
    foreach ($acf_fields as $field) {
        if (!is_array($field['value'])) {
            $where_meta[$field['key']][] = 's:' . strlen($field['value']) . ':"' . $field['value'] . '";';
        } else {
            foreach ($field['value'] as $fv) {
                $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql(like_escape($fv)) . '";';
            }
        }
    }
    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }
    return $args;
}

/**
 * Check if the cookied hashkey has been merged with another contact. If it is, set visitor's cookie to new hashkey
 *
 * @echo	Hashkey from a merged_hashkeys row, FALSE if hashkey does not exist in a merged_hashkeys row
 */
function leadout_check_merged_contact()
{
    global $wpdb;
    global $wp_version;
    $stale_hash = $_POST['li_id'];
    $escaped_hash = '';
    if ($wp_version >= 4) {
        $escaped_hash = $wpdb->esc_like($stale_hash);
    } else {
        $escaped_hash = like_escape($stale_hash);
    }
    // Check if hashkey is in a merged contact
    $q = $wpdb->prepare("SELECT hashkey, merged_hashkeys FROM {$wpdb->li_leads} WHERE merged_hashkeys LIKE '%%%s%%'", $escaped_hash);
    $row = $wpdb->get_row($q);
    if (isset($row->hashkey) && $stale_hash) {
        // One final update to set all the previous pageviews to the new hashkey
        $q = $wpdb->prepare("UPDATE {$wpdb->li_pageviews} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash);
        $wpdb->query($q);
        // One final update to set all the previous submissions to the new hashkey
        $q = $wpdb->prepare("UPDATE {$wpdb->li_submissions} SET lead_hashkey = %s WHERE lead_hashkey = %s", $row->hashkey, $stale_hash);
        $wpdb->query($q);
        // Remove the passed hash from the merged hashkeys for the row
        $merged_hashkeys = array_unique(array_filter(explode(',', $row->merged_hashkeys)));
        // Delete the stale hash from the merged hashkeys array
        $merged_hashkeys = leadout_array_delete($merged_hashkeys, "'" . $stale_hash . "'");
        $q = $wpdb->prepare("UPDATE {$wpdb->li_leads} SET merged_hashkeys = %s WHERE hashkey = %s", rtrim(implode(',', $merged_hashkeys), ','), $row->hashkey);
        $wpdb->query($q);
        echo json_encode($row->hashkey);
        die;
    } else {
        echo json_encode(FALSE);
        die;
    }
}

function wp_ajax_ajax_tag_search()
{
    global $wpdb;
    if (isset($_GET['tax'])) {
        $taxonomy = sanitize_key($_GET['tax']);
        $tax = get_taxonomy($taxonomy);
        if (!$tax) {
            wp_die(0);
        }
        if (!current_user_can($tax->cap->assign_terms)) {
            wp_die(-1);
        }
    } else {
        wp_die(0);
    }
    $s = wp_unslash($_GET['q']);
    $comma = _x(',', 'tag delimiter');
    if (',' !== $comma) {
        $s = str_replace($comma, ',', $s);
    }
    if (false !== strpos($s, ',')) {
        $s = explode(',', $s);
        $s = $s[count($s) - 1];
    }
    $s = trim($s);
    if (strlen($s) < 2) {
        wp_die();
    }
    // require 2 chars for matching
    $results = $wpdb->get_col($wpdb->prepare("SELECT t.name FROM {$wpdb->term_taxonomy} AS tt INNER JOIN {$wpdb->terms} AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape($s) . '%'));
    echo join($results, "\n");
    wp_die();
}

 function search_terms($search_terms, $taxon = 'tag', $limit = 10)
 {
     global $wpdb, $bp;
     $search_terms = like_escape($wpdb->escape($search_terms));
     $data = $wpdb->get_results($wpdb->prepare("\n         SELECT `id`, `name` FROM {$bp->gtm->table_terms}  WHERE `taxon` = %s AND `name` LIKE '%%{$search_terms}%%' LIMIT %d", $taxon, $limit));
     return $data;
 }

	function tag_search() {
		global $wpdb;
		$term = $_GET['term'];
		if ( false !== strpos( $term, ',' ) ) {
			$term = explode( ',', $term );
			$term = $term[count( $term ) - 1];
		}
		$term = trim( $term );
		if ( strlen( $term ) < 2 )
			die(); // require 2 chars for matching

		$tags = array();
		$results = $wpdb->get_results( "SELECT name, count FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE ( '%". like_escape( $wpdb->escape( $term ) ) . "%' ) ORDER BY count DESC" );

		foreach ( $results as $result ) {
			$rterm = '/' . preg_quote( $term, '/' ) . '/i';
			$label = preg_replace( $rterm, "<strong>$0</strong>", $result->name ) . " ($result->count)";

			$tags[] = array(
				'label' => $label,
				'value' => $result->name,
			);
		}

		echo json_encode( $tags );
	}

function shandora_posts_where($where, &$wp_query)
{
    global $wpdb;
    if ($post_title = $wp_query->get('post_title')) {
        $where .= ' AND ' . $wpdb->posts . '.post_title LIKE \'%' . esc_sql(like_escape($post_title)) . '%\'';
    }
    return $where;
}

 /**
  * @ticket 10041
  * @expectedDeprecated like_escape
  */
 function test_like_escape()
 {
     $inputs = array('howdy%', 'howdy_', 'howdy\\', 'howdy\\howdy%howdy_');
     $expected = array("howdy\\%", 'howdy\\_', 'howdy\\', 'howdy\\howdy\\%howdy\\_');
     foreach ($inputs as $key => $input) {
         $this->assertEquals($expected[$key], like_escape($input));
     }
 }

 function posts_where($where, &$wp_query)
 {
     global $wpdb;
     if ($title = $wp_query->get('like_title')) {
         $where .= " AND " . $wpdb->posts . ".post_title LIKE '%" . esc_sql(like_escape($title)) . "%'";
     }
     return $where;
 }

function ym_logs_search_users()
{
    ym_ajax_superuser_check();
    $users = get_users('search=*' . like_escape(ym_get('q')) . '*');
    foreach ($users as $user) {
        echo $user->user_login . "\n";
    }
    die;
}

 public static function get_ips()
 {
     if (!defined('DOING_AJAX') || !current_user_can(MainWP_WP_Stream_Admin::SETTINGS_CAP)) {
         return;
     }
     check_ajax_referer('stream_get_ips', 'nonce');
     global $wpdb;
     $results = $wpdb->get_col($wpdb->prepare("\n\t\t\t\t\tSELECT distinct(`ip`)\n\t\t\t\t\tFROM `{$wpdb->mainwp_reports}`\n\t\t\t\t\tWHERE `ip` LIKE %s\n\t\t\t\t\tORDER BY inet_aton(`ip`) ASC\n\t\t\t\t\tLIMIT %d;\n\t\t\t\t", like_escape($_POST['find']) . '%', $_POST['limit']));
     wp_send_json_success($results);
 }

/**
 * Escape a string to use in SQL LIKE.
 * like_escape() is deprecated since WordPress 4.0 which introduces a $wpdb
 * method. This is for compatibility easiness with WP<4.x
 * 
 * @since    2.1
 * 
 * @param    string    $string Data to escape
 * 
 * @return   string    Escape string
 */
function wpmoly_esc_like($string)
{
    global $wpdb;
    if (method_exists('wpdb', 'esc_like')) {
        $string = $wpdb->esc_like($string);
    } else {
        $string = like_escape($letter);
    }
    return $string;
}

function post_lookup()
{
    global $wpdb;
    $search = like_escape($_REQUEST['q']);
    $query = 'SELECT ID,post_title FROM ' . $wpdb->posts . '
      WHERE post_title LIKE \'' . $search . '%\'
      AND post_status = \'publish\'
      ORDER BY post_title ASC';
    die;
}