How do I sanitize the str_replace function in javascript variables

esc_js() is intended for escaping data for use within an HTML attribute. If you want to escape data for use within an inline script, wp_json_encode() should be sufficient. For example: var disabledDays = <?php echo wp_json_encode( $iva_disable_days ); ?>; This outputs: var disabledDays = [“4\/7\/2018″,”11\/18\/2017”]; If you check the variable in your dev tools console, … Read more

Output Sanitation

Your code is working correctly. If you look at the source code of the page, you will see: &lt;script&gt;alert(&#039;Test&#039;)&lt;/script&gt; When the above text gets processed for display by your browser, it then becomes <script>alert(‘Test’)</script> which is what you want to be displayed.

Require user to input code from an array of allowed codes with Gravity Forms [closed]

Try below code: add_filter( ‘gform_field_validation’, ‘custom_validation’, 10, 4 ); function custom_validation( $result, $value, $form, $field ) { $arrWhitelist = array(‘XH6D’, ‘8U2A’, ‘L9D3’); if ( $result[‘is_valid’] && !in_array( $value, $arrWhitelist )) { $result[‘is_valid’] = false; $result[‘message’] = ‘Please enter a value less than 10’; } return $result; } Further, You can review validation in more detail … Read more

confused about sanitize_email after is_email [duplicate]

Regarding the edited question, here’s another old Q&A, which might actually be a better reference, Should I sanitize an email address before passing it to the is_email() function?, especially @kaiser’s answer. And regarding kaiser’s Funny sidefact now as I had a look at the sources for both functions (is_email(), sanitize_email()), they are indeed basically the … Read more

Settings API – getting hidden input / submit button’s name

Using $_POST is too low level. Simply give it the same name as your other options. When you options are displayed they should have the names of the form: my_settings[a_particular_option]. For instance: <input name=”my_settings[some_input_option]”/> Then for your hidden input and submit button: <input type=”hiddden” name=”my_settings[foo]” value=”bar”/> <input name=”my_settings[SubmitButton]” type=”submit” class=”button-primary” value=”<?php _e(‘Save Changes’); ?>”/> In … Read more

protect user submitted posts

Take a look at WordPress codex Data Validation entry, it covers most of the validation functions that come built-in with WordPress which you can use to validate your form submission.

Data sanitization for user registration and user login

You can check my tutorial for front-end user registration and login in WordPress: http://www.cozmoslabs.com/1012-wordpress-user-registration-template-and-custom-user-profile-fields/ As to the wp_signon, wp_insert_user, wp_create_user and wp_update_user they take care of all sanitation and validation of your content. Also you don’t need to use those filters in wp_create_user to create your users.

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)