I was reading about Sanitizing and Escaping in wordpress, but i'm not sure the best way to do this, should i do this at the beggining, when i obtain the user input..or i should do it every single time i want to use this data(inlcude when i use echo,etc). for example here
<?php //variables
$author = sanitize_text_field(get_post_meta( get_the_ID(), 'author', true ));
$link = esc_url(get_permalink());
?>
<?php if($count < $pars_limit || $pars_limit==0): ?>
<div class="col-md-<?php echo $col;?>">
<div class="img-wrap">
<?php if ( has_post_thumbnail() ) : // check if the post has a Post Thumbnail assigned to it. ?>
<a href="<?php echo $link;?>">
<?php the_post_thumbnail('full');?>
</a>
<?php else : ?>
<a href="<?php echo $link;?>">
<?php
echo '<img src="' . plugins_url( '/asset/images/default.jpg', __FILE__ ) . '" > ';
?>
here i satinize the varialbes at the beginning, should i do that again whith the echo's?? thanks!
