How to escape strange characters from text field input?

It’s a must practice to sanitize all data from user input before insert to database.

To escape unwanted characters, use the core WordPress core function sanitize_text_field():

$title = sanitize_text_field( $_POST['title'] );
update_post_meta( $post->ID, 'title', $title );

Behind the scenes, sanitize_text_field() does the following:

  • Checks for invalid UTF-8
  • Converts single less-than characters (<) to entity
  • Strips all tags
  • Removes line breaks, tabs and extra white space
  • Strips octets

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>