How do I escape a table name or column name in SQL? esc_sql doesn’t do this

I can’t find a function shipped with WordPress that does this, so I created my own:

 function esc_sql_name( $name ) {
     return str_replace( "`", "``", $name );
 }

You can use it like this:

 $escaped_name = esc_sql_name( $column_name );

 $sql = $wpdb->prepare(
       "SELECT * FROM example WHERE `$escaped_name` = %s",
       $foobar
 );

Reference:

Related Posts:

  1. MySQL Error: : ‘Access denied for user ‘root’@’localhost’
  2. What is the difference between “INNER JOIN” and “OUTER JOIN”?
  3. SQL WITH clause example [duplicate]
  4. The wait operation timed out. ASP
  5. Conversion failed when converting date and/or time from character string while inserting datetime
  6. how to fix oracle ORA-01722 invalid number error
  7. SQL query to select dates between two dates
  8. MySQL – Operand should contain 1 column(s)
  9. SQL SELECT WHERE field contains words
  10. MySQL Error: : ‘Access denied for user ‘root’@’localhost’
  11. NOT IN vs NOT EXISTS
  12. Must declare the scalar variable
  13. ORA-00979 not a group by expression
  14. How can I do a FULL OUTER JOIN in MySQL?
  15. MySQL query String contains
  16. How do I escape a single quote in SQL Server?
  17. T-SQL split string based on delimiter
  18. Finding duplicate values in a SQL table
  19. MySQL Cannot Add Foreign Key Constraint
  20. Oracle error : ORA-00905: Missing keyword
  21. How do I import an SQL file using the command line in MySQL?
  22. mysql Foreign key constraint is incorrectly formed error
  23. Can a foreign key be NULL and/or duplicate?
  24. How do composite indexes work?
  25. Difference between JOIN and INNER JOIN
  26. MySQL “WITH” clause
  27. What is the difference between JOIN and UNION?
  28. MySQL Multiple Joins in one query?
  29. Error Code: 2013. Lost connection to MySQL server during query
  30. “CASE” statement within “WHERE” clause in SQL Server 2008
  31. SQL join on multiple columns in same tables
  32. ORA-00972 identifier is too long alias column name
  33. What is the difference between Scope_Identity(), Identity(), @@Identity, and Ident_Current()?
  34. Sql query – getting rid of hard-coded values
  35. ORA-00918: column ambiguously defined in SELECT *
  36. How To Run A Github Repository?
  37. SQL Switch/Case in ‘where’ clause
  38. Oracle – ORA-01489: result of string concatenation is too long [duplicate]
  39. SQL Server WITH statement
  40. How to run a SQL query on an Excel table?
  41. Algebra Relational sql GROUP BY SORT BY ORDER BY
  42. SQL Server reports ‘Invalid column name’, but the column is present and the query works through management studio
  43. Oracle “Partition By” Keyword
  44. What is the equivalent of ‘describe table’ in SQL Server?
  45. Remote table-Valued Function Calls are not allowed
  46. The backend version is not supported to design database diagrams or tables
  47. Determine ROW that caused “unexpected end of file” error in BULK INSERT?
  48. SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax — PHP — PDO [duplicate]
  49. Difference between View and table in sql
  50. Using group by on multiple columns
  51. What is the purpose of using WHERE 1=1 in SQL statements?
  52. Exclude a column using SELECT * [except columnA] FROM tableA?
  53. How do you force mysql LIKE to be case sensitive?
  54. What is the difference between a stored procedure and a view?
  55. Why is SQL server throwing this error: Cannot insert the value NULL into column ‘id’?
  56. pg_ctl: no database directory specified and environment variable PGDATA unset
  57. ERROR 1148: The used command is not allowed with this MySQL version
  58. Bulk load data conversion error (truncation)
  59. How to order by with union in SQL?
  60. Difference between INNER JOIN and LEFT SEMI JOIN
  61. SQL conditional SELECT
  62. ‘CREATE PROCEDURE’ must be the only statement in the batch (Erro)
  63. PostgreSQL create table if not exists
  64. PostgreSQL visual interface similar to phpMyAdmin?
  65. DATEDIFF function in Oracle
  66. Solutions for INSERT OR UPDATE on SQL Server
  67. GROUP BY and COUNT using ActiveRecord
  68. MySQL – Get row number on select
  69. MySQL error: Unknown column in ‘where clause’
  70. What is the difference between Views and Materialized Views in Oracle?
  71. How to truncate the text returned for a column in a MySQL query
  72. “select * into table” Will it work for inserting data into existing table
  73. ORA-01735: invalid ALTER TABLE option – Toad
  74. CASE IN statement with multiple values
  75. List of special characters for SQL LIKE clause
  76. Use wpdb->prepare for `order by` column name
  77. How To Write An Inner Join With WP Query
  78. Cron While Editing Post
  79. Update user_login, user_nicename, and display_name
  80. Change sticky status of posts from phpMyAdmin
  81. Fetch all Posts where logged in user has commented
  82. Best Way to Merge a Dev and Live Site to Become a Staging Site?
  83. Needing to move content from postmeta to posts in sql [closed]
  84. How to import a Typo3 database to a wordpress site?
  85. What does the $posts_join filter join to?
  86. Clean up very big and very dirty database
  87. How to delete ALL comments from certain category in WordPress database?
  88. How can I convert everything from category X to have post format Link
  89. Bulk delete WordPress Post and all metadata, etc using SQL query
  90. What steps do I need to take to install a local copy of a live website?
  91. Reset post IDs with all post meta
  92. How to Add or Change Post Title
  93. Why does DROP TABLE-ing the `wp_options` reset my user session?
  94. How to refactor DB queries for better TTFB in WordPress?
  95. query sql-table and change entities
  96. Duplicate WP Migration affecting site on separate domain?
  97. Analog category_and (WP) in sql query
  98. Backtick (MySQL norm) added to SQL Server Query causing error
  99. Firebase with WordPress instead of SQL?
  100. Want to delete woocommerce coupon in bulk from phpmyadmin based on published date