WP-Mix

A fresh mix of code snippets and tutorials

Escape input with WordPress

WordPress makes it easy to escape untrusted input to prevent SQL-injection, XSS (cross-site scripting), and other nefarious bits of text. Here is a quick rundown of WordPress’ built-in escape functions.

WordPress provides the following template tags to encode any/all instances of these characters: < > & " ' (left angled-bracket, right angled-bracket, ampersand, double quote, single quote). As a bonus, these tags will never double-encode entities. Here is the list:

Happy escaping!

Learn more

Digging Into WordPressWordPress Themes In DepthWizard’s SQL Recipes for WordPress

WordPress Resources

[ WordPress Themes In Depth ] [ .htaccess made easy ] [ GA Pro: WordPress + Google Analytics ] [ Blackhole Pro: Trap and Block Bad Bots ] [ Banhammer Pro: Hammer the Enemy ] [ SAC Pro: WordPress Chat Plugin ]

Subscribe to WP-Mix

Project Demos

Popular Posts

Recent Posts

Random Posts

RSS Feed

Grab the RSS Feed ›

1613 readers
Feed Statistics
About the Author

Jeff Starr is a professional developer, designer, author, and publisher with over 15 years of experience. He writes books and tutorials, develops plugins, and runs his own business.

About the Site

WP-Mix is where I share code snippets, tricks, and tips. WP-Mix was launched in October 2012, and now features 414 posts. You can check out the latest post published on Aug 29, 2024. Learn more ›

Contact

A few ways to connect:

© 2012–2024 Monzilla Media shapeSpace Sitemap Feed Privacy Made in the USA