How to escape strange characters from text field input?

Always sanitize user input before inserting it into the database.

To strip unwanted characters, use the core WordPress function sanitize_text_field():

$title = sanitize_text_field( $_POST['title'] );
update_post_meta( $post->ID, 'title', $title );

Behind the scenes, sanitize_text_field() does the following:

  • Checks for invalid UTF-8
  • Converts single less-than characters (<) to entities
  • Strips all tags
  • Removes line breaks, tabs and extra white space
  • Strips percent-encoded octets
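
The two lines above placed in a complete save handler, with the matching output escaping. This is an added example, not code from the original post; the function names, the nonce action my_title_save and the nonce field my_title_nonce are hypothetical.

```php
<?php
// Added example. Assumes a meta box with a text input named "title";
// the my_* names below are hypothetical.

function my_save_title_meta( $post_id ) {
	// Autosaves and revisions do not carry the meta box fields.
	if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
		return;
	}
	// Accept the request only from our form and from a user who may edit this post.
	if ( ! isset( $_POST['my_title_nonce'] )
		|| ! wp_verify_nonce( $_POST['my_title_nonce'], 'my_title_save' )
		|| ! current_user_can( 'edit_post', $post_id ) ) {
		return;
	}
	if ( ! isset( $_POST['title'] ) ) {
		return;
	}
	// sanitize_text_field() returns '' for arrays and objects, so a request
	// sending title[]=x cannot store a non-string value.
	// No wp_unslash() here: WordPress slashes $_POST, and update_post_meta()
	// unslashes the value itself before storing it.
	$title = sanitize_text_field( $_POST['title'] );
	update_post_meta( $post_id, 'title', $title );
}
add_action( 'save_post', 'my_save_title_meta' );

// Sanitizing on input does not make the value safe to print: quotes and
// ampersands are stored as typed, so escape for the output context.
function my_render_title_field( $post ) {
	$title = get_post_meta( $post->ID, 'title', true );
	wp_nonce_field( 'my_title_save', 'my_title_nonce' );
	printf( '<input type="text" name="title" value="%s" />', esc_attr( $title ) );
}
```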
