sanitize_sql_orderby

The timeline below displays how wordpress function sanitize_sql_orderby has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 4.3

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|false Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: .10

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 4.1

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return false|string Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .10

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 4.0

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: 9.4

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 9.2

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .10

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 3.9

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: 8.6

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 8.4

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .30

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 8.3

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .20

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 8.2

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .10

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 3.8

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: 7.6

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 7.5

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .40

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 7.4

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .30

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 7.3

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .20

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 7.2

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}

WordPress Version: .10

/**
 * Ensures a string is a valid SQL 'order by' clause.
 *
 * Accepts one or more columns, with or without a sort order (ASC / DESC).
 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
 *
 * Also accepts 'RAND()'.
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by clause to be validated.
 * @return string|bool Returns $orderby if valid, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    if (preg_match('/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/i', $orderby)) {
        return $orderby;
    }
    return false;
}

WordPress Version: 3.7

/**
 * Ensures a string is a valid SQL order by clause.
 *
 * Accepts one or more columns, with or without ASC/DESC, and also accepts
 * RAND().
 *
 * @since 2.5.1
 *
 * @param string $orderby Order by string to be checked.
 * @return string|bool Returns the order by clause if it is a match, false otherwise.
 */
function sanitize_sql_orderby($orderby)
{
    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
    if (!$obmatches) {
        return false;
    }
    return $orderby;
}