Timestamp:
05/11/2013 11:42:45 AM (11 years ago)
Author:
boonebgorges
Message:

Introduces bp_esc_sql_order() function for sanitizing 'order' params for SQL

Several BP database methods accept an 'order' parameter. This function should
be used to sanitize this parameter into a query-safe string 'ASC' or 'DESC'.

File:
1 edited

  • trunk/bp-core/bp-core-functions.php

    r7024 r7054  
    10801080
    10811081    return $new_args;
     1082}
     1083
     1084/**
     1085 * Sanitize an 'order' parameter for use in building SQL queries
     1086 *
     1087 * Strings like 'DESC', 'desc', ' desc' will be interpreted into 'DESC'.
     1088 * Everything else becomes 'ASC'.
     1089 *
     1090 * @since BuddyPress (1.8)
     1091 * @param string $order The 'order' string, as passed to the SQL constructor
     1092 * @return string The sanitized value 'DESC' or 'ASC'
     1093 */
     1094function bp_esc_sql_order( $order = '' ) {
     1095    $order = strtoupper( trim( $order ) );
     1096    return 'DESC' === $order ? 'DESC' : 'ASC';
    10821097}
    10831098
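
Review bot: A non-string argument is not handled at the `trim( $order )` call on new line 1095. If a caller passes an array, trim() raises a PHP warning before the function falls through to 'ASC'. Consider an early `if ( ! is_string( $order ) ) { return 'ASC'; }` ahead of the trim. The strict comparison on line 1096 returns only the literals 'DESC' or 'ASC', so the return value is safe to place in a query as the docblock intends. This changeset edits only bp-core-functions.php, so the database methods that accept 'order' still need a follow-up change to call the helper.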