WordPress: How to unescape the results when using $wpdb->get_results?

2 Views

To add a new rows to the database I use $wpdb->insert, and to get the rows I use $wpdb->get_results.

The problem is that $wpdb->insert seems to be escaping the input. For example, a"b is saved as a"b in the database. But, $wpdb->get_results doesn’t seem to unescape back a"b to a"b.

Read More

Is this the correct behavior by design?

Should I unescape the result of $wpdb->get_results manually? (What is the proper function for this?)

Post Views: 2

Related posts

Leave a Reply

2 comments

  1. $wpdb->insert() and $wpdb->prepare() will escape data to prevent SQL injection attacks. The $wpdb->get_results() function is designed to work generically with SQL SELECT statements, so I believe the fact that the slashes are left in place is intentional. This allows the consumer of the data to process it as necessary.

    Since the $wpdb->get_results() funciton returns an array of stdClass objects, in order to remove the slashes in all columns in every row, you must iterate through the rows, and through the properties of each row object running the PHP stripslashes() function on it.

    foreach( $quotes as &$quote ) {
    foreach( $quote as &$field ) {
        if ( is_string( $field ) )
            $field = stripslashes( $field );
    }
}

    More information on the wpdb->get_results() function:
    http://codex.wordpress.org/Class_Reference/wpdb#SELECT_Generic_Results