esc_attr（）和sanitize_text_field（）之间的确切区别

If any WordPress dev can help me to understand what is the exact difference between functions esc_attr() and sanitize_text_field() ?

I would like to submit email value to the database first and then retrieve the same in different classes that I've created. With sanitize_text_field I am able to remove html tags like h2, h3 and other but I do not quite understand what exactly est_attr function does while echoing both. Below is the snippet of my function, any detailed explanation with example will help me and others who wants to understand it thoroughly. Or are there any better alternative php or wp functions to use while submitting such information to database and retrieve the same?

public static function smtp_email_id()
{
    $smtp_email_id = esc_attr( get_option( 'smtp_email_id' ) );
    echo '<input type="email" class="regular-text" name="smtp_email_id" value="'.$smtp_email_id.'" placeholder="username@email.com" />';
}

Thank you guys

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanci1858 2017-11-29 05:09
关注
esc_attr($str) - Escaping for HTML attributes. Encodes the <, >, &, ” and ‘ (less than, greater than, ampersand, double quote and single quote) characters.

sanitize_text_field($str) - Behinds the scenes, the function does the following:

Checks for invalid UTF-8 (uses wp_check_invalid_utf8()) Converts single < characters to entity

Strips all tags

Remove line breaks, tabs and extra white space

Strip octets
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

变量$ term_id不会出现在wordpress的get_term_meta函数中 database php
2018-04-25 18:50

回答 1 已采纳 I figured out, how to do this in case anyone else needs this: I didn't define $term_id, and I al
在WooCommerce和电话字段验证问题中添加自定义注册字段 php
2017-10-05 22:34

回答 1 已采纳 Note: Your special registration form located in the footer is something different than WooComme
WooCommerce：在任何地方添加/显示产品或变体自定义字段 php
2019-04-20 12:29

回答 1 已采纳 I have revisited and completed your existing code as for example it was not working on product var
自定义表单插件 php,如何利用WordPress创建自定义注册表单插件，wordpress表单_PHP教程...
2021-05-06 09:16

hust2014wt的博客 $nickname = sanitize_text_field( $_POST['nickname'] ); $bio = esc_textarea( $_POST['bio'] ); // call @function complete_registration to create the user // only when no WP_error is found complete_...
在文本框中提交联系表单默认文本 php
2018-06-30 18:33

回答 1 已采纳 Rather than using placeholder="I am interested in: '.get_the_title().' " you could use this: echo
WordPress自定义元框不会保存 javascript jquery php
2017-08-13 18:52

回答 1 已采纳 Here is the working debugged code. The post meta was being saved. But it wasnt displaying because
wordpress中的自定义新闻稿插件开发 php
2017-01-04 08:52

回答 1 已采纳 To remove Name: go this way, just change your line to this one. $headers = "From: <$email>"
wordpress 插件_如何构建WordPress插件（第2部分）
2020-07-18 10:33

culiu9261的博客 we went through the basics of creating a WordPress plugin, using the WordPress Plugin Boilerplate, using its really handy generator, and learned how to add, sanitize, and save basic input types....
将WordPress Post Meta保存到数据库不起作用 database php
2017-02-23 09:31

回答 1 已采纳 An update on this question. It appears that I had a comma at the very end just after the post - so
Wordpress注册创建页面未找到即将提交表单 php
2017-04-23 13:22

回答 1 已采纳 You get a 404 because your form action is "sign-up" and I assume that you didn't create such an ur
Jquery根据复选框状态显示/隐藏 javascript jquery php
2015-11-15 15:06

回答 1 已采纳 Is jQuery loaded? Do you add the event handler after the page has loaded - Is the ID unique? L
WordPress 文章添加自定义字段面板 add_meta_box函数
2023-01-03 10:00

程序小小生的博客 WordPress文章添加自定义字段面板 add_meta_box函数。...创建的文章类型仅有标题和正文内容，但是我们在开发WordPress主题时，以及wordpress自定义字段操作函数，但是对于WordPress文章自定义字段的时候.
攻击者可以在关闭JavaScript的情况下绕过Ajax Form ajax javascript php
2014-08-05 03:05

回答 1 已采纳 An attacker can send a form without using the HTML you provide him. In your case, your form is usi
get_the_category_list
2017-02-23 09:07

Aurora Polaris的博客 sanitize_text_field urlencode_deep wp_kses sanitize_title url_shorten wp_kses_array_lc sanitize_title_for_query utf8_uri_encode wp_kses_attr sanitize_title_with_dashes wpautop wp_kses_bad_protocol ...
wordpress文本框_在WordPress中将元框添加到帖子类型
2020-08-31 13:02

culi3182的博客 $my_data = sanitize_text_field( $_POST['global_notice'] ); // Update the meta field in the database. update_post_meta( $post_id, '_global_notice', $my_data ); } add_action( 'save_post', 'save_global_...
wordpress安全_使用内置WordPress功能编码安全主题
2020-08-27 02:43

culi3118的博客 sanitize_text_field( $str ) sanitizes a string provided by the user or a database, but you can use it to sanitize any data you’d like to be just plain text: sanitize_text_field( $str )清理用户或...
wordpress插件_在5分钟内建立您自己的WordPress联络表单插件
2020-08-29 05:22

culi3182的博客 function deliver_mail() { // if the submit button is clicked, send the email if ( isset( $_POST['cf-submitted'] ) ) { // sanitize form values $name = sanitize_text_field( $_POST["cf-name"] );...
sql注入空格被过滤_分析多款WordPress插件中的SQL注入漏洞
2020-11-20 07:07

weixin_39833687的博客开发者可以使用sanitize_email()来过滤邮件地址，或者使用sanitize_text_field()来过滤文本框值，或者使用sanitize_sql_orderby()来验证SQL ORDER BY字句等。WordPress中的sanitize_*()类辅助函数已经覆盖了大多数...
sql注入空格被过滤_深度解析 | 多款WordPress插件中的SQL注入漏洞
2020-11-20 07:07

weixin_39658966的博客开发者可以使用sanitize_email()来过滤邮件地址，或者使用sanitize_text_field()来过滤文本框值，或者使用sanitize_sql_orderby()来验证SQL ORDER BY字句等。WordPress中的sanitize_*()类辅助函数已经覆盖了大多数...
没有解决我的问题, 去提问

悬赏问题

¥15 如何用Labview在myRIO上做LCD显示？(语言-开发语言)
¥15 Vue3地图和异步函数使用
¥15 C++ yoloV5改写遇到的问题
¥20 win11修改中文用户名路径
¥15 win2012磁盘空间不足,c盘正常，d盘无法写入
¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
¥15 帮我写一个c++工程
¥30 Eclipse官网打不开，官网首页进不去，显示无法访问此页面，求解决方法
¥15 关于smbclient 库的使用

esc_attr（）和sanitize_text_field（）之间的确切区别

1条回答 默认 最新

悬赏问题

1条回答默认最新