WP-Mix

A fresh mix of code snippets and tutorials

Escape input with WordPress

WordPress makes it easy to escape untrusted input to prevent SQL-injection, XSS (cross-site scripting), and other nefarious bits of text. Here is a quick rundown of WordPress’ built-in escape functions.

WordPress provides the following template tags to encode any/all instances of these characters: < > & " ' (left angled-bracket, right angled-bracket, ampersand, double quote, single quote). As a bonus, these tags will never double-encode entities. Here is the list:

Happy escaping!

Learn more

WordPress Themes In Depth