This codex page explains it pretty well I think. The most important and commonly used function is probably esc_attr. Take this example: <a href=”https://wordpress.stackexchange.com/questions/48660/<?php print $author_url; ?>” title=”<?php print $author_name; ?>”> <?php print $author_name; ?> </a> If $author_name contains a ” character you get your attribute closed, and if that character is followed by onclick=”do_something();” … Read more
Here’s a way to do it with PHP’s array map function: // Good idea to make sure things are set before using them $tags = isset( $_POST[‘tags’] ) ? (array) $_POST[‘tags’] : array(); // Any of the WordPress data sanitization functions can be used here $tags = array_map( ‘esc_attr’, $tags );
There are two concepts here: validation – making sure data is valid, i.e. an integer is an integer, a date is a date (in the right format etc). This should be done just before saving the data. sanitisation – making the date safe for its use in the current context (e.g. escaping SQL queries, or … Read more
You are almost there. The function you need is sanitize_title_with_dashes( $title )
If the type of each of your input variables is a string and you want to sanitize them all at once, you can use: This will sanitize your $_GET and $_POST arrays. Seen here: PHP -Sanitize values of a array