What is the best way to sanitize data?

No the sanitization is already done. Well the mysql_real_escape_string is done, it’s considered bad form to filter html on input. I personally think doing it on output kinda breaches DRY. If you did in WordPress I highly suspect somewhere else will do it again resulting in double html entities encoding.

Also by the way, wpdb::insert is basically just a wrapper for wpdb::prepare.

Related Posts:

  1. Should I sanitize an email address before passing it to the is_email() function?
  2. Escaping and sanitizing SVGs in metabox textarea
  3. What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
  4. Reason for Lowercase usernames
  5. Should nonce be sanitized?
  6. esc_url removes white space. Can I change that to using ‘-‘?
  7. WP Coding standards – escaping the inescapable?
  8. Sanitatizing when using the posts_where hook
  9. Escape hexadecimals/rgba values
  10. Must I serialize/sanitize/escape array data before using set_transient?
  11. How to save html and text in the database?
  12. Echo JavaScript Safely
  13. wpdb get_results() and prepare when to use prepare?
  14. wp_kses ignore allowed and allow everything
  15. Sanitize array callback for the WordPress Settings API
  16. sanitize_text_field and apostrophe problem
  17. How to escape $_GET and check if isset?
  18. What’s a safe / good way to output HTML safely within WordPress templates?
  19. Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
  20. Sanitizing output that contains quotes?
  21. WP_Customize_Manager: How to get control ID
  22. How to use wp_filter_oembed_result?
  23. Where is the HTML-handler part in the wpdb class?
  24. Sanitization html output itself
  25. Post text sanitization after publishing/editing – changes are not saved
  26. wp_set_object_terms() without accents
  27. Escaping data from database (users table) is necessary?
  28. Properly sanitize an input field “Name “
  29. What is the proper way to sanitize $_POST and $_GET vars?
  30. Why is sanitize_text_field() selectively trimming data?
  31. Return only Count from a wp_query request?
  32. Sanitizing integer input for update_post_meta
  33. Which KSES should be used and when?
  34. $wpdb->prepare() warning in WordPress 3.5
  35. WP doesn’t show Array Custom Fields?
  36. Use WP_Query with a custom SQL query
  37. Sanitizing post content for use in an email
  38. Delete/replace img tags in post content for auto published posts [closed]
  39. SQL query not working in alphabetical post title/content search
  40. Print out WordPress user ID – two sites with same code but different output
  41. wpdb-> not adding prefix to custom table
  42. $wpdb variable throw this error Call to a member function get_results() on a non-object in
  43. What is the difference between sanitize_text_field() and wp_filter_nohtml_kses()?
  44. Creating a Front-end based User Search
  45. Get multiple custom field values in a $wpdb query [duplicate]
  46. Query WP data with the WPDB API from outside WordPress
  47. where to apply “apply filters” and other Sanitization Functions
  48. WordPress get pagination on wpdb get_results
  49. Why would switch_to_blog stop working?
  50. How to sanitize user input?
  51. wp-admin post.php JavaScript Links Not Working
  52. creating custom function to log actions in plugin
  53. How to use $wpdb (from the template) to update the DB, without being an admin
  54. Return XML of Post Metadata
  55. Querying wpdb using PHP
  56. Use WordPress MultiSite (WPMS) with a remote database for each created site
  57. How to do set post permalinks using 6 digit random unique function?
  58. Database query works fine outside WordPress
  59. Problem in inserting row to custom database table
  60. How to query custom post types with mixed AND & OR statements for custom fields
  61. $wpdb->insert inserting only f character in custom table
  62. How to test the outcome of a wpdb query?
  63. Cannot get wpdb data (Error in a simple fuction) [closed]
  64. Why does wpdb->update delete other meta?
  65. Make a SQL query with wpdb in WordPress
  66. Getting variable from Database
  67. Custom $wpdb returns unexpected time based results
  68. Specify strict ‘order by’ in WordPress query
  69. $wpdb->update() always need a second try
  70. How to get specific attribute from DB
  71. Displaying data from another database
  72. Save sql file after doing insert wpdb
  73. Query custom taxonomy for category including children
  74. Can I use wpdb to insert query results into a post?
  75. $wpdb->prepare error after WordPress update [duplicate]
  76. How to use checked() function with multiple check box group? How to properly sanitize that checkbox group?
  77. Get post featured image id with $wpdb
  78. What’s wrong with this wpdb query?
  79. How do I have a user upload a blog post and then retrieve that to display in a card on the site?
  80. Display current ranking of post as a number in post title
  81. How to pass an input value into wpdb->Prepare
  82. ob_end_flush(): failed to send buffer of zlib output compression (0) in external php
  83. Fill New Taxonomies
  84. What is the correct way to search 3 custom fields only in WordPress?
  85. How to save Checkbox-Options in Plugin Options Page
  86. No result after wpdb->insert
  87. Help posting values to DB on submit using $wpdb->query
  88. Update database record in plugin
  89. Dedicated server and WPDB Class : huge slow-down of the website
  90. Escaping and sanitization
  91. $wpdb how can i save my postmeta table before querying it
  92. wpdb insert working in one function, but not another
  93. Fetching array of postmeta with $wpdb and in_array conditional
  94. Proper way to trigger a MySQL query via link in a plugin
  95. Sanitizing a custom query’s clauses
  96. Can’t get expected result from a wpdb query
  97. pull custom fields values from wp-database in a nested foreach loop
  98. $wpdb->insert not working for last select option
  99. Query Problem in Clustom Plugin
  100. inner-wrap div pushing custom table far down on page

Leave a Comment