htmlentities and editing text

Do I need to sanitize the data before putting the text back in a text
box for edit.

You “sanitize” data that you are receiving. Then “escape” it when outputting.

Depending on your exact code (which you did not provide any examples of), you may want to do more than stripslashes() (or replace that altogether). WP has several built in functions for handling various kinds of data. For example:

// Use the "sanitize" functions instead of stripslashes()
$sanitized_username = sanitize_user( $_POST['user_login'] );
$sanitized_email = sanitize_email( $_POST['user_email'] );
$sanitized_fname = sanitize_text_field( $_POST['first_name'] );
$sanitized_lname = sanitize_text_field( $_POST['last_name'] );
// Now you can write these to the db or use them.

// "Escape" data when outputting
echo '<input class="' . esc_attr( $my_class ) . '" name="some_input" value="" />';

echo '<a href="' . esc_url( $my_url ) . '" />';

These are just a few examples – there are quite a few different functions within WP itself for proper data handling.

Also, you don’t need to escape data if you know for certain what it is. In your case, you’re pulling it from a database, so you shouldn’t necessarily trust it as 100% safe. But if you’re outputting something that’s contained in a variable but the variable is set in the code (i.e. you’re not pulling it from an untrusted source), then you don’t need to escape it.

Related Posts:

  1. Update Option Stored in Multi-Dimensional Array
  2. check if Gutenberg is currently in use
  3. WordPress Plugin Development – Headers Already Sent Message
  4. Get page content using slug
  5. How to include wp-load.php from any location?
  6. Correct way to enqueue jquery-ui
  7. How to echo the_excerpt without the P tag wrapper?
  8. How can I update a wordpress plugin from a Git repository (github)
  9. Is There a Plugin Life Cycle Documentation?
  10. $wpdb->insert_id
  11. Remove profile picture option (and other things) from profile.php (in admin)
  12. How to disable plugin update notification for a specific plugin in Multisite
  13. Getting old term value with edited_{$taxonomy} | Hook
  14. Building a better media uploader for WordPress
  15. Problems with localization
  16. Install and load additional plugins when running unit tests
  17. Calling clean_term_cache() fails when called in the same plugin that creates terms, succeeds when called separately?
  18. Singular name Plugin localization
  19. How do I hook a custom discount to change a WC_Order price total on WooCommerce?
  20. On plugin deactivation hide its shortcode
  21. Can I submit a plugin that follows the PSR-2 coding style guide?
  22. How to get current page id through the plugin
  23. Properly licensing a plugin that uses Apache 2.0 licensed code
  24. How to restrict plugin’s sub-menu pages to admin/subscribers?
  25. Can I dynamically create a link to my plugin settings/options page from my plugin description?
  26. Header Button Chance Polylang Elementor
  27. Print value of an array or variable in a payment plugin
  28. How to extend expiry time of jwt wordpress token?
  29. Find source of notice / warning / errors efficiently
  30. $wpdb -> Batch insert from XML File?
  31. Settings not set after calling register_setting()
  32. preprocess_comment array doesn’t have comment_ID
  33. Use wp_set_post_terms() instead of wp_insert_post()
  34. Conditionally Remove a nav menu link if session is active
  35. $content variable – Is this a reserved variable for a WordPress function? – php / wordpress
  36. Adding set of custom fields to WordPress Post in Dashboard
  37. TinyMCE 4.7.11 custom styles using styleselect – what does the ‘attributes’ argument do?
  38. Modifying meta tags after doing ajax call in plugin
  39. Modifying the default WordPress .htaccess with a plugin
  40. How to schedule a cron job in plugin without waiting for page load request?
  41. Create a free scripts and styles template within a plugin
  42. Is there a way to list all actions registered by a plugin or theme?
  43. WordPress Plugin with a shortcode that dynamically generates javascript. Can I use add_action without wrapping the javascript in a function?
  44. Call wp_generate_password() from within a Class
  45. Elementor custom Query with ACF fields to show matching woocommerce products custom fields
  46. How to enqueue style in WordPress plugin from theme files?
  47. Set different custom menu items for different user roles
  48. Getting List of all registered Dashboard Widgets
  49. Why does wp_remote_post returns an empty body response on certain endpoints?
  50. Bootstrap version conflict 3 with 4 for wordpress theme and plugin [closed]
  51. Where to write custom logs in WordPress
  52. How developed with version control word press site on shared host? [closed]
  53. pre_get_post alter current post id
  54. 3rd Party Plugin dependency – how to correctly load classes
  55. Problems with cron
  56. add_settings_field Data not passing to Options Page Like it should
  57. How do I add a favicon that only shows during viewing of my plugin’s admin panel?
  58. Can’t get CSS Into the Head via add_action
  59. Correct syntax for database inserts from plugin?
  60. Remove Default Blogroll Links via Plugin script
  61. Empty Pdf file generated with FPDF library in WordPress plugin [closed]
  62. $wpdb->update() always need a second try
  63. Filter posts in pre_get_posts order by meta value date (desc or asc)
  64. How to display the category id along with category name on categories list?
  65. Why aren’t some plugin styles loading when I load a template?
  66. My plugin won’t create table in wordpress 3.5
  67. Remove Permalink Meta Box not working?
  68. WordPress actions for plugin admin UI page
  69. Pause plugin option page until all data manipulation is complete
  70. Serial Number from custom table not appear in woocommerce_email_before_order_table action
  71. Modify custom block plugin without losing content
  72. How to replace the existing metatag using the backend to insure a thumbnail image gets fetched when we share on social media?
  73. When setting styles to an extended block that was saved as a pattern, it doesn’t remove the style that was there
  74. apply_filters() and call_user_func() to define and call a function outside a class
  75. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  76. Sanitization and validation input fields – Settings API
  77. Author Meta in Author URL Link
  78. Warning: Illegal string offset ‘Andorra’ in … on line 106
  79. Different style for specific rows in custom list table using WP_List_Table
  80. wordpress4.8.2 Multilingual Plugin
  81. get_comment_meta() for a filter hook in a plugin
  82. form does not generate $_POST request
  83. Callback function quicktags that uses variable in start tag
  84. Font Awesome stopped showing icons, shows &# text instead [closed]
  85. WordPress Plugin Tool Tip Helpers
  86. How can I add the Post ID to Class Name in Jquery?
  87. How to show metabox just in post.php in admin?
  88. $wpdb how can i save my postmeta table before querying it
  89. Create dedicated page with custom template showing custom data
  90. How can I see a varibles value when my plugin runs?
  91. Can’t switch theme after activation
  92. plugin will not offer update even though a new version is available
  93. WordPress plugin: admin-ajax.php not passing data to custom function
  94. How do I replace title with my plugin?
  95. Create pages for authors
  96. Enqueue Script in custom plugin before other
  97. How to remove a class [closed]
  98. How can I dynamically change title and description in WordPress?
  99. Elementor Top-Bar
  100. Is it possible to add Custom Dashboard Widgets to Custom Admin Menu Page?