Database Search and Replace Script in PHP

Search Replace DB version 3.1.0 allows you to carry out database wide search/replace actions that don't damage PHP serialized strings or objects with a user friendly interface and experience.

Now acts like a web app!

Installation & Use

Please read all instructions and familiarise yourself with the risks of using this tool first, downloading of this tool signifies your acceptance of the risks and problems associated with the script.

To use the script, download the zip file from below, extract the folder called search-replace-db-master (assuming you are using the 3.1.0 version), renaming it to something secret of your choosing, upload it via FTP, SFTP or SCP to your web server’s public facing directory, then navigate to that folder in your browser. The script will automatically attempt to find and populate the database field but you must check that the details are correct and that it is for the database you wish to carry out a search/replace operation on.

A typical WP install with this script would have the folders as follows:


IMPORTANT: Do not place the contents of the script’s folder into your root directory! It isn’t designed or supposed to run from there and, if you use the auto-delete functionality, it will delete everything in that folder, which could wipe out your site. I can’t stress this enough. If this isn’t clear for you it would be a good idea to seek expert help – hire a developer for an hour or two to come and do this for you.

To see how you can use this tool to aid migrations, check out our article on WordPress migrations or visit the WP Tuts+ article that mentions this script.

If you are in any doubt whatsoever about how to use this standalone script, then please consider getting an expert in. It’s a really powerful bit of code that if used badly can damage a WP install beyond repair. If you want help, get in somebody like us, for example, or any of the other great guys listed over at CodePoet.

IMPORTANT: This code is supplied with no warranty or support implied. You use it entirely at your own risk. The code is licensed under the GPL V3 and you should be aware of its limitations and how they affect you and your use of this code. Please also read the instructions and warnings provided and always take a verified backup of your database before starting.

Download v 3.1.0

Older server? Try v 2.1.0


Please beware of adverts that offer a download button!

Why is there an ad here? Because the small amount of revenue this advert might bring us helps to go towards the not inconsiderable cost of running the search/replace project. It’s in the order of thousands of pounds, believe it or not, and we’re working to a new version with better compatibility and this will help.


Test 20160504

  • Version 3.1.0 (Web UI and CLI versions) tested against PHP 7.0.6 and functioned correctly.
  • Version 2.1.0 confirmed to not work with PHP 7.0.6 but is kept for use on older servers.

Version 3.1.0:

  • Safety checks to prevent deletion when installed incorrectly. However, you should still take care when dealing with files on your server.
  • JavaScript popup confirmation on ‘Delete Me’.
  • Port number option in both the GUI and CLI. Use –port nnn to set a non-default MySQL port.
  • Fixed Drupal bootstrap behaviour. Start up of script uses Drupal data as guide, no longer relies on a full successful Drupal initialisation before script will allow you to proceed.
  • Driver selection improved so that PDO will be attempted first if PDO+mysql is available, with mysqli being used as a fallback. This fixes ‘driver not found’ errors
  • Removed mysql_ functions and replaced with mysqli_.
  • Improved JS preview overlay for dry runs. This means that the right pane will always show the most accurate data possible. If serialised strings are present, highlights are not displayed.

Version 3.0.0:

  • Major overhaul
  • Multibyte string replacements
  • UI completely redesigned
  • Removed all links from script until ‘delete’ has been clicked to avoid security risk from our access logs
  • Search replace functionality moved to it’s own separate class
  • Replacements done table by table to avoid timeouts
  • Convert tables to InnoDB
  • Convert tables to utf8_unicode_ci
  • Use PDO if available
  • Preview/view changes
  • Optionally use preg_replace()
  • Scripts bootstraps WordPress/Drupal to avoid issues with unknown serialised objects/classes
  • Added marketing stuff to deleted screen (sorry but we’re running a business!)

Version 2.2.0 (never formally released but patched into v3.0.0):

  • Added remove script patch from David Anderson (
  • Added ability to replace strings with nothing
  • Copy changes
  • Added code to recursive_unserialize_replace to deal with objects not just arrays. This was submitted by Tina Matter.
  • ToDo: Test object handling. Not sure how it will cope with object in the db created with classes that don’t exist in anything but the base PHP.

For changes prior to v2.2.0 please refer to index.php where you will find a complete changelog. You can also browse the project on github.

To Be Done

  • Ensure UTF8 encoding is enforced (see comments). Added in v2.1.0
  • Self deletion or security system to prevent accidental security risks. Added in v3.0.0
  • Release CLI version for use on non-WP sites, or for other purposes (already supports use on any MySQL DB.) Added in v3.0.0
  • Change to GPL V3. Added in v3.0.0
  • Eliminate warnings and remove deprecated function calls. Added in v2.1.0
  • Add facility to subscribe to interconnect/it Newsletter. Added in v3.0.0
  • Confirm deletion has actually happened.
  • Add old versions for download to this page.


We’d love to get contributions, bug reports and more on the Search Replace DB public github repository. Please come on over – you’ll be more than welcome!


We’ve been asked a lot in the comments box below about accepting donations. But you can’t believe what a headache that is from an accounting and tax perspective.

Consequently all we can say is that if you wish to you can buy a personal gift for the key developers from one of the wishlists below – especially given that it’s a spare time project. If others who have contributed wish to provide us their wishlist links then we’d be more than happy to add them.

1,562 responses to “Database Search and Replace Script in PHP

  1. Been using the tool for years. For the most part it has been bulletproof, Thanks for that! However just came across a situation where it is failing. Working on a Drupal DB. Need to update a single table/field ‘field_data_body’ / ‘body_value’ . Search/Replace strings ‘src=”/sites/default/files’ | ‘src=”/subfolder/sites/default/files’. The result states that 377of533 rows have been updated, however the reality is ALL 533 ‘body_value’ fields (the entire table) have been replaced with identical data that appears to be from one of the other rows. Thanks for any assistance.

    1. That’s strange. I mean, searching for things with a slash in is common and normal.

      Is there anything particularly strange about the data or table format? We get a lot of queries, but rarely a database dump to work with.

  2. Hi is this possible to replace links with multiple database?

  3. Fantastic tool! Works like a dream… saved me hours.

  4. escape characters? I’m trying to replace (really just get rid of) a string that includes a call to a script that’s all over my wordpress pages/posts … there’s single quotes, slashes, etc. Do I have to escape characters to get it to work? It seems to do a good dry run if I search for just part of the url.

    1. The search is rather absolute in how it works. If you search for & it won’t find the HTML & – it’ll just find the first character.

  5. I’m getting 6 false positives on wp_options and 41 on wp_postmeta whenever i search for a string that doesn’t exist. viewing the details shows the same before and after with no instance of the string. any ideas?

    1. Sounds peculiar – what sort of string are you searching for?

  6. Great tool!

    Just a heads up on some records it seems not to be able do to the replaces:

    – table wp_options, _wc_session_* records:

    – table wp_followup_customer_carts:

    1. There’s no particular reason why it wouldn’t work for this other than, perhaps, the row being locked when you tried to update. Is this on a live website? You may have to close it for maintenance first.

  7. I read about this script from our host provider and just did our 1st run after a site migration. Pretty awesome! And the dry run feature is very cool. Nice job!

  8. This is such a great tool, thanks a lot !!! It saved me a lot of time and headaches…

  9. Hi there, thanks so much for this tool, it’s really a great help.

    One thing – does it work if the database’s table names have been changed from the default wp_ ?


    1. Yes. It works on any table, including non-WP ones.

    2. I had the same. I think the problem was that I had capital letter in my prefix. Just changed it to small one in wp-config 🙂

  10. Great tool, especially the ‘dry run’, to test before you do.

Comments are closed.