Sanitize Data (v6)
Sanitizing Data
Never trust user input. Input that is not malicious could be malformed and break your site. The Sanitize class can help protect your site from bad data.
Textarea
Remove all blocked tags defined by WordPress, like <script>.
$filtered = \TypeRocket\Utility\Sanitize::textarea( $value );
Raw
Do not filter the value.
$filtered = \TypeRocket\Utility\Sanitize::raw( $value );
Attribute
Escape the value for use in an HTML attribute.
$filtered = \TypeRocket\Utility\Sanitize::attribute( $value );
URL
Escape the URL.
$filtered = \TypeRocket\Utility\Sanitize::url( $value );
SQL
Escape SQL for a query.
$filtered = \TypeRocket\Utility\Sanitize::sql( $value );
Plaintext
Remove all HTML tags.
$filtered = \TypeRocket\Utility\Sanitize::plaintext( $value );
Editor
Filter HTML tags based on user capabilities. For example, an administrator with the capability unfiltered_html will be allowed to enter raw data. Other users will be restricted as they are when using the WordPress Editor.
$filtered = \TypeRocket\Utility\Sanitize::editor( $value, $force_filter, $auto_p );
Hex
Escape a hexadecimal value like #FFFFFF.
$filtered = \TypeRocket\Utility\Sanitize::hex( $value );
Underscore
Remove all special characters, replace spaces and dashes with underscores, and allow only a single underscore in a row, after trimming whitespace from the string and lowercasing it.
$value = 'First Name';
echo \TypeRocket\Utility\Sanitize::underscore( $value );
Will output,
first_name
Dash
Remove all special characters, replace spaces and underscores with dashes, and allow only a single dash in a row, after trimming whitespace from the string and lowercasing it.
$value = 'First Name';
echo \TypeRocket\Utility\Sanitize::dash( $value );
Will output,
first-name
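Example: sanitizing a whole submission
The methods above each fit one kind of value, so a submitted form is best handled with an explicit field-to-method map. The following is an added example, not code from the TypeRocket project: it assumes TypeRocket v6 is loaded inside WordPress, and the helper name, field names and sample input are hypothetical.

```php
<?php
// Added example; assumes TypeRocket v6 is loaded inside WordPress.
use TypeRocket\Utility\Sanitize;

/**
 * Hypothetical helper: sanitize a submitted array field by field.
 * Only fields named in $rules are returned, so an unexpected key can
 * never reach storage unfiltered.
 */
function example_sanitize_fields(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $method) {
        // Skip absent fields and non-string values such as nested arrays.
        if (!array_key_exists($field, $input) || !is_string($input[$field])) {
            continue;
        }
        // Call the Sanitize method chosen for this field.
        $clean[$field] = call_user_func([Sanitize::class, $method], $input[$field]);
    }
    return $clean;
}

// One Sanitize method per field, chosen by what the value is.
// Sanitize::raw() is deliberately absent: it does not filter at all.
$rules = [
    'display_name' => 'plaintext', // no HTML allowed
    'bio'          => 'textarea',  // blocked tags such as <script> removed
    'website'      => 'url',
    'accent_color' => 'hex',
    'handle'       => 'dash',      // normalized to a lowercase, dashed key
];

// Constructed sample submission (stands in for $_POST).
$submitted = [
    'display_name' => '<b>Ada</b> Lovelace',
    'bio'          => 'Hello<script>alert(1)</script>',
    'website'      => 'https://example.com/profile',
    'accent_color' => '#FFFFFF',
    'handle'       => 'Ada Lovelace',
    'is_admin'     => '1',          // not in $rules, so it is dropped
    'tags'         => ['a', 'b'],   // not a string, so it is skipped
];

$clean = example_sanitize_fields($submitted, $rules);
```

Because the map is an allowlist, adding a new form field requires a deliberate choice of sanitizer before the value is accepted.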