A detailed explanation of how to filter links and filter SQL statements in WordPress

Esc_url () (Filter link)
Many URLs will have minor errors, using the Esc_url () function to block or correct these errors, and to reject unsafe protocols.

The work of the Esc_url () function is as follows:

Default deny is not url:defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feed, and telnet for the following protocols
Remove invalid characters and dangerous characters
Convert characters to HTML entity characters
How to use

Esc_url ($url, $protocols, $_context);

Parameters

$url

(string) (must) the URL to be filtered.

Default value: None

$protocols

(array) (optional) You can receive an array of protocols, and if not set, the default is: Defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feeds, and Telnet.

Default value: None

$_context

(string) (optional) How to return the URL.

Default value: (String) display

return value

(string) returns the filtered link.

Example

<?php echo esc_url (' www.endskin.com ');//output: http://www.endskin.com?>

More

This function is located at: wp-includes/formatting.php

Esc_sql () (Filter SQL statements)
Esc_sql () is used to filter the strings that are prepared to be added to the SQL statement, preventing SQL injection and SQL statements from being disturbed by data.

Usage

Esc_sql ($data);

Parameters

$data

(string) (must) the string to filter.

Default value: None

return value

(string) returns the filtered string, which can be added directly to the SQL statement.

Example

$name = Esc_sql ($name); $status = Esc_sql ($status); $wpdb->get_var ("Select something from table WHERE foo = ' $name ' and status = ' $status ');

More

This function is located at: wp-includes/formatting.php

The above introduces a detailed description of the WordPress filter link and filter SQL statements, including the aspects of the content, I hope that the PHP tutorial interested in a friend helpful.

