Detailed analysis of WordPress filtering links and filtering SQL statements _php tips

Esc_url () (Filter link)
Many URLs will have small errors, with the Esc_url () function to mask or fix these errors, and to reject unsecured protocols.

What the Esc_url () function does:

Default reject is not the url:defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feed, and telnet of the following protocol
Delete invalid characters and dangerous characters
Convert characters to HTML entity characters
How to use

Esc_url ($url, $protocols, $_context);

Parameters

$url

(string) (must be) the URL to be filtered.

Default value: None

$protocols

(array) (optional) An array of protocols that can receive the protocol, if not set, the default is: Defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feeds, and Telnet.

Default value: None

$_context

(optionally) How to return the URL.

Default value: (String) display

return value

(string) returns the filtered link.

Example

<?php echo esc_url (' www.endskin.com ');//output: http://www.endskin.com?>

More

This function is located at: wp-includes/formatting.php

Esc_sql () (Filter SQL statement)
Esc_sql () is used to filter the strings that are ready to be added to the SQL statement to prevent SQL injection and SQL statements from being disturbed by data interference.

Usage

Esc_sql ($data);

Parameters

$data

(string) (must) the string to be filtered.

Default value: None

return value

(string) returns the filtered string that can be added directly to the SQL statement.

Example

$name = Esc_sql ($name);
$status = Esc_sql ($status);
$wpdb->get_var ("Select something from table WHERE foo = ' $name ' and status = ' $status '");

More

This function is located at: wp-includes/formatting.php