Detailed explanation of WordPress Development Filter Properties and SQL statements function using _php instance

Esc_attr () (Filter properties)
It is usually the following format when writing the tag properties of Html code:

<input type= "text" name= "rep" value= "Rep_value"/>

What if the value attribute is dynamically output?

<input type= "text" name= "rep" value= "<?php Echo get_option (' Rep_value ');?>"/>

However, if the properties of the dynamic output have special characters such as double quotes, angle brackets, and so on, the Html code is scrambled, and the esc_attr () function can be used to escape the properties of the output.

How to use

Esc_attr ($text);

Parameters

The string that $text (string) (must) be escaped. Default value: None

return value

Returns the escaped string.

Example

<input type= "text" name= "rep" value= "<?php Echo esc_attr (get_option (' Rep_value '));?>"/>

Other

This function is located at: wp-includes/formatting.php

Esc_sql () (Filter SQL statement)
Esc_sql () is used to filter the strings that are ready to be added to the SQL statement to prevent SQL injection and SQL statements from being disturbed by data interference.

Usage

Esc_sql ($data);

Parameters

$data

(string) (must) the string to be filtered.

Default value: None

return value

(string) returns the filtered string that can be added directly to the SQL statement.

Example

$name = Esc_sql ($name);
$status = Esc_sql ($status);
$wpdb->get_var ("Select something from table WHERE foo = ' $name ' and status = ' $status '");

More

This function is located at: wp-includes/formatting.php