Is it necessary to escape LIKE term in WP_User_Query?

like_escape() only escapes % and _ characters. The entire function looks like this:

function like_escape($text) {
   return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
}

Quoting from the Codex, esc_attr()

Encodes the <, >, &, ” and ‘ (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.

Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc.

(Emphasis mine.)

Further reading: Data Validation

Edited to add — I didn’t address the first part of the question: If WP_User_Query does its own data validation, then do we really need to use esc_attr() at all?

The Codex page for WP_User_Query doesn’t seem to say one way or the other whether any data validation is done. (Searching the page for valid and escape turns up nothing, as well.) This, combined with a note from the esc_attr() page — “Will never double encode entities” — indicates to me that there’s no harm in using esc_attr() on the values you’re passing. Better safe than sorry, especially with untrusted user-provided data, right?

Related Posts:

  1. WP_User_Query to exclude users with no posts
  2. How to Use Wildcards in $wpdb Queries Using $wpdb->get_results & $wpdb->prepare?
  3. WP_User_Query will not combine meta + normal search methods
  4. WP_User_Query users by registered date
  5. User appears twice in a WP_User_Query
  6. Want to add my custom prepare query but add_filter doesn’t run
  7. each_connected in wp_user_query with Scribu’s Posts to Posts Plugin – Alternative method? [closed]
  8. Sort WP_User_Query by meta_key value with pre_user_query
  9. WP_User_Query Custom Field meta_query with Date clause
  10. Ordering WP_User_Query results by the user IDs used in the include parameter
  11. Get users in query and limit user output to five in random order
  12. Echo the number of users using WP_User_Query?
  13. I am not understandinhg $wpdb->prepare correctly
  14. Query Users by login, meta & role
  15. Basic Wp_user_query not finding any users
  16. Modify user table search results
  17. WP_User_Query not displaying any user [closed]
  18. Exclude Users of a Certain Role in the Users Page
  19. Save users last visited blogs within whole network
  20. Snippett for create field in registration for users
  21. What’s the proper way to add users to my site in order to test things?
  22. WordPress WP_User_Query($args) using Where and Like
  23. WP_User_Query unexpected output after upgrading toWordPress 4.0.1
  24. Trouble inserting string containing quotations marks with wpdb in save_post hook
  25. WP_User_Query Filter Results
  26. custom post type ‘pre_[cpt]_query’ hook
  27. WordPress get last inserted user id
  28. Can you return users of a higher role than the current user using get_users()?
  29. WP_User_Query with 2 sets of conditions ‘AND’
  30. Escaping a WPDB Object in One Shot
  31. unable to modify user table search results based on meta key
  32. Problem with WP_User_Query when ‘meta_value’ is an array
  33. Wp_user_query search by meta_key not returning any results
  34. WP_User_Query is Not Displaying Results
  35. What’s the Use of ‘\r’ escape sequence?
  36. $wpdb->get_row() only returns a single row?
  37. Query to sort a list by meta key first (if it exists), and show remaining posts without meta key ordered by title
  38. How to print translation supported text with HTML URL
  39. how to escape wp_oembed_get for phpcs
  40. Wp_User_Query not sorting by meta key
  41. How to make an activities stream mixing posts and comments?
  42. Can I use $wpdb for my custom tables in the WordPress database?
  43. Custom Plugin Database relations
  44. What does wp_update_post() do that the $wpdb class does not?
  45. $wpdb returns no results with SELECT query on custom post type, works on default post type
  46. WPDB: how to get the value of a field in a custom database table
  47. Escape hexadecimals/rgba values
  48. esc_attr not working in shortcode
  49. Converting mysql to $wpdb
  50. XOR functionality for meta_query
  51. How can I migrate mysql_fetch_array to $wbpdb?
  52. plugin ajax to external php file always return null
  53. Show MySQL errors that occur when I excute $wpdb->insert()
  54. how to delete 30 day old data using PHP [closed]
  55. Does balanceTags() provide any escaping / protection?
  56. Echo a hierarchical list of post data from custom fields
  57. How to create database table, add data, update and delete using wpdb via plugins?
  58. Correct way to perform non-cacheable DB query
  59. $wpdb select all meta for each post
  60. Does WordPress $wpdb functions wait when table is locked?
  61. Insert custom postmeta when custom post type published
  62. How do I count columns on a custom WPDB query?
  63. Ajax call in wordpress not working for subscriber user
  64. How can I add a new row in a separate database when someone registers via WordPress?
  65. Clear Terms from Taxonomy for Specific Post IDs?
  66. Get posts from category with custom query
  67. How to use mysql LIKE with wpdb?
  68. $wpdb->insert() doesnt work anymore
  69. How to insert image path in database to display product image in wp-admin?
  70. WP_User_Query with more than two custom meta values
  71. $wpdb->update Issue
  72. WPDB Query Question with Category Only
  73. Fetching review value using wpdb class
  74. Display the list of user’s comments + the post title + date
  75. Limit left join
  76. Help with $wpdb on custom code
  77. Filter in Custom post type to find the parent post
  78. “BS_” rows in postmeta table
  79. Get records from Formidable Table using $wpdb->get_col
  80. problem in using wpdb->prepare and a string placeholder
  81. Exclude Posts Using Meta Query and User Meta
  82. What argument does my function need to echo get_results() query results
  83. Can’t Install WordPress (local) Failed to open file wp-includes/wp-db.php
  84. Missing argument 2 for wpdb::prepare() [duplicate]
  85. MySQL query in WordPress with AJAX
  86. Display result from custom post meta query
  87. How can I include user meta information in the resulting array of a WP_User_Query?
  88. How to add next height number in Order Attributes inside the Add new page. [duplicate]
  89. Save customizer default values to DB on theme activation
  90. Plugin with connection to database – Single function
  91. Alter the main search query to search posts by coauthor user name
  92. Query Custom Fields in Searchform
  93. Display future posts in archive
  94. Fire query on ajax post url page
  95. Wpdb generates too many queries
  96. Where is escaped the shortcode?
  97. Using `esc_attr( get_block_wrapper_attributes() )`, results in `class=””wp-block-foo””`
  98. Adding custom fields to Wired Impact Volunteer Management Plugin
  99. WordPress / PHP: Check if column has value and then check if value in array
  100. Woocommerce permalink URL change in DB
tech