Database Search and Replace Script in PHP

Search Replace DB version 3.1.0 allows you to carry out database wide search/replace actions that don’t damage PHP serialized strings or objects with a user friendly interface and experience.

Installation & Use

search-replace-mobile-screenshot Now acts like a web app!

Please read all instructions and familiarise yourself with the risks of using this tool first, downloading of this tool signifies your acceptance of the risks and problems associated with the script.

To use the script, download the zip file from below, extract the folder called search-replace-db-master (assuming you are using the 3.1.0 version), renaming it to something secret of your choosing, upload it via FTP, SFTP or SCP to your web server’s public facing directory, then navigate to that folder in your browser. The script will automatically attempt to find and populate the database field but you must check that the details are correct and that it is for the database you wish to carry out a search/replace operation on.

A typical WP install with this script would have the folders as follows:


IMPORTANT: Do not place the contents of the script’s folder into your root directory! It isn’t designed or supposed to run from there and, if you use the auto-delete functionality, it will delete everything in that folder, which could wipe out your site. I can’t stress this enough. If this isn’t clear for you it would be a good idea to seek expert help – hire a developer for an hour or two to come and do this for you.

To see how you can use this tool to aid migrations, check out our article on WordPress migrations or visit the WP Tuts+ article that mentions this script.

If you are in any doubt whatsoever about how to use this standalone script, then please consider getting an expert in. It’s a really powerful bit of code that if used badly can damage a WP install beyond repair. If you want help, get in somebody like us, for example, or any of the other great guys listed over at CodePoet.

IMPORTANT: This code is supplied with no warranty or support implied. You use it entirely at your own risk. The code is licensed under the GPL V3 and you should be aware of its limitations and how they affect you and your use of this code. Please also read the instructions and warnings provided and always take a verified backup of your database before starting.

Download v 3.1.0

Older server? Try v 2.1.0


Please beware of adverts that offer a download button!

Why is there an ad here? Because the small amount of revenue this advert might bring us helps to go towards the not inconsiderable cost of running the search/replace project. It’s in the order of thousands of pounds, believe it or not, and we’re working to a new version with better compatibility and this will help.


Test 20160504:
* Version 3.1.0 (Web UI and CLI versions) tested against PHP 7.0.6 and functioned correctly.
* Version 2.1.0 confirmed to not work with PHP 7.0.6 but is kept for use on older servers.

Version 3.1.0:
* Safety checks to prevent deletion when installed incorrectly. However, you should still take care when dealing with files on your server.
* JavaScript popup confirmation on ‘Delete Me’.
* Port number option in both the GUI and CLI. Use –port nnn to set a non-default MySQL port.
* Fixed Drupal bootstrap behaviour. Start up of script uses Drupal data as guide, no longer relies on a full successful Drupal initialisation before script will allow you to proceed.
* Driver selection improved so that PDO will be attempted first if PDO+mysql is available, with mysqli being used as a fallback. This fixes ‘driver not found’ errors.
* Removed mysql_ functions and replaced with mysqli_.
* Improved JS preview overlay for dry runs. This means that the right pane will always show the most accurate data possible. If serialised strings are present, highlights are not displayed.

Version 3.0.0:
* Major overhaul
* Multibyte string replacements
* UI completely redesigned
* Removed all links from script until ‘delete’ has been clicked to avoid security risk from our access logs
* Search replace functionality moved to it’s own separate class
* Replacements done table by table to avoid timeouts
* Convert tables to InnoDB
* Convert tables to utf8_unicode_ci
* Use PDO if available
* Preview/view changes
* Optionally use preg_replace()
* Scripts bootstraps WordPress/Drupal to avoid issues with unknown serialised objects/classes
* Added marketing stuff to deleted screen (sorry but we’re running a business!)

Version 2.2.0 (never formally released but patched into v3.0.0):
* Added remove script patch from David Anderson (
* Added ability to replace strings with nothing
* Copy changes
* Added code to recursive_unserialize_replace to deal with objects not just arrays. This was submitted by Tina Matter.
* ToDo: Test object handling. Not sure how it will cope with object in the db created with classes that don’t exist in anything but the base PHP.

For changes prior to v2.2.0 please refer to index.php where you will find a complete changelog. You can also browse the project on github.

To Be Done

Ensure UTF8 encoding is enforced (see comments). Added in v2.1.0
Self deletion or security system to prevent accidental security risks. Added in v3.0.0
Release CLI version for use on non-WP sites, or for other purposes (already supports use on any MySQL DB.) Added in v3.0.0
Change to GPL V3. Added in v3.0.0
Eliminate warnings and remove deprecated function calls. Added in v2.1.0
Add facility to subscribe to interconnect/it Newsletter. Added in v3.0.0
Confirm deletion has actually happened.
Add old versions for download to this page.


We’d love to get contributions, bug reports and more on the Search Replace DB public github repository. Please come on over – you’ll be more than welcome!


We’ve been asked a lot in the comments box below about accepting donations. But you can’t believe what a headache that is from an accounting and tax perspective.

Consequently all we can say is that if you wish to you can buy a personal gift for the key developers from one of the wishlists below – especially given that it’s a spare time project. If others who have contributed wish to provide us their wishlist links then we’d be more than happy to add them.

David Coveney is the project lead.
James Whitehead added the nice UI in v2.0+.
Robert O’Rourke created version 3.0.0 with its AJAX UI and massive improvements.

  • Colin B 27 / Feb / 2017 at 9:27 am

    Fantastic tool! Works like a dream… saved me hours.

  • John V 23 / Feb / 2017 at 10:42 pm

    escape characters? I’m trying to replace (really just get rid of) a string that includes a call to a script that’s all over my wordpress pages/posts … there’s single quotes, slashes, etc. Do I have to escape characters to get it to work? It seems to do a good dry run if I search for just part of the url.

    • David Coveney
      David Coveney 3 / Mar / 2017 at 12:27 pm

      The search is rather absolute in how it works. If you search for & it won’t find the HTML & – it’ll just find the first character.

  • Joshua Jarman 18 / Feb / 2017 at 2:13 am

    I’m getting 6 false positives on wp_options and 41 on wp_postmeta whenever i search for a string that doesn’t exist. viewing the details shows the same before and after with no instance of the string. any ideas?

    • David Coveney
      David Coveney 3 / Mar / 2017 at 12:25 pm

      Sounds peculiar – what sort of string are you searching for?

  • Marco Almeida 17 / Feb / 2017 at 6:06 am

    Great tool!

    Just a heads up on some records it seems not to be able do to the replaces:

    – table wp_options, _wc_session_* records:

    – table wp_followup_customer_carts:

    • David Coveney
      David Coveney 3 / Mar / 2017 at 12:24 pm

      There’s no particular reason why it wouldn’t work for this other than, perhaps, the row being locked when you tried to update. Is this on a live website? You may have to close it for maintenance first.

  • Erik 15 / Feb / 2017 at 8:44 pm

    I read about this script from our host provider and just did our 1st run after a site migration. Pretty awesome! And the dry run feature is very cool. Nice job!

  • Fab 15 / Feb / 2017 at 3:14 am

    This is such a great tool, thanks a lot !!! It saved me a lot of time and headaches…

  • Garth 9 / Feb / 2017 at 2:22 am

    Hi there, thanks so much for this tool, it’s really a great help.

    One thing – does it work if the database’s table names have been changed from the default wp_ ?


    • David Coveney
      David Coveney 9 / Feb / 2017 at 2:33 pm

      Yes. It works on any table, including non-WP ones.

    • Kamil 21 / Feb / 2017 at 6:37 pm

      I had the same. I think the problem was that I had capital letter in my prefix. Just changed it to small one in wp-config 🙂

  • Peter Luit 6 / Feb / 2017 at 6:59 am

    Great tool, especially the ‘dry run’, to test before you do.

  • Kostas 4 / Feb / 2017 at 1:52 pm

    Thank you very much for this great script. It was a life saver for me during a wordpress multisite migration. You guys rock 😉

  • Moe Dog 2 / Feb / 2017 at 7:56 pm

    how come you guys don’t have a hover effect on the submit button below…jk Thanks for this sweet tool.

  • wpmendicant 1 / Feb / 2017 at 9:41 pm

    Just wanted to say thanks for this amazing tool. You rock.

  • Johnathan 31 / Jan / 2017 at 11:00 pm

    Inspiring work! This solves a very pervasive problem with many CMS migrations.

  • sinan 24 / Jan / 2017 at 6:38 pm

    hi. thanks for this nice tool. i have two questions. how can i search & replace a multi line string (e.g. paragraph)? is this tool allows just one line?

  • MAzZY 22 / Jan / 2017 at 4:59 pm

    Thanks a lot!
    Very good tool!

  • Viral 17 / Jan / 2017 at 6:36 am


  • josmatic 23 / Dec / 2016 at 10:14 am

    With newest version ( of phpmyadmin this tool doesn’t work. Desecription in on image:

    • David Coveney
      David Coveney 3 / Jan / 2017 at 4:07 pm

      Hi – this script has nothing to do with phpMyAdmin.

      Make sure you’ve followed the instructions correctly when installing.

  • james 20 / Dec / 2016 at 1:27 pm

    The package could not be installed. No valid plugins were found.

    Plugin install failed.

    • David Coveney
      David Coveney 29 / Dec / 2016 at 6:16 pm

      It’s not a plugin. Please read the instructions. Or get someone who’s used to this kind of work.

  • Jason Devine 18 / Dec / 2016 at 2:20 am

    Hi guys

    Just wanted to say thanks so much for this marvelous tool – as a noob theme developer it’s saved my sanity on multiple occasions now and I don’t know what I’d do without it.

    Much love!

  • Leandro 16 / Dec / 2016 at 10:10 am

    I am using Visual Composer to create my sites, but it seems that the script is not replacing links that I created inside Visual Composer. Do I have to change them manually?

    • Jonathon 25 / Jan / 2017 at 10:55 am

      Hi, I’m having the exact same problem with my site, I’m using Velvet Blues Update URLs plugin and it replaces all links in my site except for the ones in buttons I’ve created with Visual Composer of which there are quite a few. I’m desperately trying to find a solution as manually changing the links is quite a mission – did you find a solution?

      • Vladimir 4 / Feb / 2017 at 2:11 am

        Same problem here! Do you found a solution?

  • chris 1 / Dec / 2016 at 7:36 pm

    Hi, I don’t have too much experience with databases and I’m having a difficult time with what this seems to solve. How do I access the folder from my browser exactly?

  • MG 27 / Nov / 2016 at 10:43 pm


    The file “srdb.class.php” appears to be missing from the package today

    Thanks for the script.

    • MG 27 / Nov / 2016 at 10:48 pm

      I see it in the src/ directory.
      But get this error when running from the command line:

      Warning: require_once(/home/xxxx/bin/srdb.class.php): failed to open stream: No such file or directory in /home/xxxx/bin/srdb.cli.php on line 14

      Fatal error: require_once(): Failed opening required ‘/home/xxxx/bin/srdb.class.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/xxxx/bin/srdb.cli.php on line 14

      • MG 27 / Nov / 2016 at 10:50 pm

        I’ve temporarily copied src/srdb.class.php one directory up to get it going

    • David Coveney
      David Coveney 1 / Dec / 2016 at 5:58 pm

      Apologies – a change got released by accident. Should be fine now.

  • Heinz Fiechter 7 / Nov / 2016 at 3:25 pm

    Thanks for that tool!!!
    I’ve updated a WP installation with Avada theme and got the following message 8 times (second update from .dev. to .staging):

    2:Class__PHP_Incomplete_Class has no unserializer in /home/glppanar/www/ in line 735

    But everything looks ok …
    Any idea what happen?
    Thank you

  • Mike 3 / Nov / 2016 at 6:37 pm

    What a great tool! So nice of you to make this available for free. It works really well. Thank-you so much!

  • Mark 30 / Oct / 2016 at 9:24 am

    Why are you base64’ing code in your script? mod_security is flagging it as malicious. Seems to be a new issue.

    • David Coveney
      David Coveney 1 / Nov / 2016 at 2:42 pm

      It’s not code that’s base 64’d but images. The idea is to show branding without fetching it from a server. To be fair, given that it’s no longer a single file application that could now be included in the checkout. So I’ll add a case to fix that. Thanks for highlighting the issue.

      • Mark 7 / Dec / 2016 at 12:01 pm

        Thanks! Looking forward to a fix!

  • Ven 26 / Oct / 2016 at 8:58 am

    Hi, great tool!

    Question, if you have a dump, can we still use this script?

    • David Coveney
      David Coveney 26 / Oct / 2016 at 3:58 pm

      No – it works against running databases. So you can load the dump into a new DB and then run the script, but not run it against the text.

1 52 53 54 55