how to sanitizing $_POST with the correct way?

Instead of looping through the array, use this: map_deep( $form_data, ‘sanitize_text_field’ ); (see the User Notes in the function doc: ) The docs state that Checks for invalid UTF-8, Converts single < characters to entities Strips all tags Removes line breaks, tabs, and extra whitespace Strips percent-encoded characters So you could also use the …

Read more

Properly sanitize an input field “Name “

You could do something like this: $input=”Name <[email protected]>”; // Break the input into parts preg_match( ‘/([^<]+)<([^>]+)>/i’, $input, $matches, PREG_UNMATCHED_AS_NULL ); // Clean the name $name = sanitize_text_field( $matches[ 1 ] ); // Clean the email $email = sanitize_email( $matches[ 2 ] ); // Bail early if the values are invalid. if ( !$name || !$email …

Read more

esc_url, esc_url_raw or sanitize_url?

This might be a more useful demonstration: <a href=”<?php echo esc_url( $url ); ?>>I’m printing a URL to the frontend</a> $url = sanitize_url( $_GET[‘user_inputted_data’] ); update_post_meta( $post_id, ‘that_url’, $url ); esc_url is an escaping function, sanitize_url is a sanitising function. Sanitising functions clean incoming data, e.g. removing letters from phone numbers, stripping trailing space etc. …

Read more

oneOf two possible objects in WP REST API?

Aight got it, the crucial missing thing was that you have to provide this part here: ‘type’ => ‘object’ twice; once when declaring the variable’s type, and once again when defining the possibilities. Otherwise, validation fails; so a proper example would be: ‘args’ => [ ‘data’ => [ ‘type’ => ‘object’, ‘oneOf’ => [ [ …

Read more

wp_set_object_terms() without accents

Just thought I’d point out, your call to remove_accent() is incorrect, you are missing the s off of accents. Example from codex: $text = “Hoy será un gran día”; echo remove_accents($text); Echo result: Hoy sera un gran dia