Esc_url () (Filter link)
Many URLs will have small errors, with the Esc_url () function to mask or fix these errors, and to reject unsecured protocols.
What the Esc_url () function does:
Default reject is not the url:defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feed, and telnet of the following protocol
Delete invalid characters and dangerous characters
Convert characters to HTML entity characters
How to use
Esc_url ($url, $protocols, $_context);
Parameters
$url
(string) (must be) the URL to be filtered.
Default value: None
$protocols
(array) (optional) An array of protocols that can receive the protocol, if not set, the default is: Defaulting to HTTP, HTTPS, FTP, FTPS, mailto, news, IRC, gopher, NNTP, feeds, and Telnet.
Default value: None
$_context
(optionally) How to return the URL.
Default value: (String) display
return value
(string) returns the filtered link.
Example
<?php echo esc_url (' www.endskin.com ');//output: http://www.endskin.com?>
More
This function is located at: wp-includes/formatting.php
Esc_sql () (Filter SQL statement)
Esc_sql () is used to filter the strings that are ready to be added to the SQL statement to prevent SQL injection and SQL statements from being disturbed by data interference.
Usage
Parameters
$data
(string) (must) the string to be filtered.
Default value: None
return value
(string) returns the filtered string that can be added directly to the SQL statement.
Example
$name = Esc_sql ($name);
$status = Esc_sql ($status);
$wpdb->get_var ("Select something from table WHERE foo = ' $name ' and status = ' $status '");
More
This function is located at: wp-includes/formatting.php