WP-Mix

A fresh mix of code snippets and tutorials

Escape input with WordPress

WordPress makes it easy to escape untrusted input to prevent SQL-injection, XSS (cross-site scripting), and other nefarious bits of text. Here is a quick rundown of WordPress’ built-in escape functions.

WordPress provides the following template tags to encode any/all instances of these characters: < > & " ' (left angled-bracket, right angled-bracket, ampersand, double quote, single quote). As a bonus, these tags will never double-encode entities. Here is the list:

Happy escaping!

Learn more

Digging Into WordPressWordPress Themes In DepthWizard’s SQL Recipes for WordPress

WordPress Resources

[ SAC Pro: WordPress Chat Plugin ] [ BBQ Pro: Advanced WordPress Firewall ] [ Wizard’s Collection: SQL Recipes for WordPress ] [ Banhammer Pro: Hammer the Enemy ] [ Blackhole Pro: Trap and Block Bad Bots ] [ The Tao of WordPress ]

Subscribe to WP-Mix

Project Demos

Popular Posts

Recent Posts

Random Posts

RSS Feed

Grab the RSS Feed ›

1389 readers
Feed Statistics
About the Author

Jeff Starr is a professional developer, designer, author, and publisher with over 15 years of experience. He writes books and tutorials, develops plugins, and runs his own business.

About the Site

WP-Mix is where I share code snippets, tricks, and tips. WP-Mix was launched in October 2012, and now features 409 posts. You can check out the latest post published on May 2, 2023. Learn more ›

Contact

A few ways to connect:

© 2012–2024 Monzilla Media shapeSpace Sitemap Feed Privacy Made in the USA