esc_ (clean validate sanitize) (tag)

esc_attr()

Escaping for HTML attributes. Converts <, >, &, ", ' characters to HTML entities. Does not make double escaping.
esc_attr__()

Translates the text using esc_attr().
esc_attr_e()

Display translated text that has been escaped for safe use in an HTML tag attribute.
esc_html()

Escaping for HTML blocks. Converts <, >, &, ", ' characters to HTML entities.
esc_html__()

Translates specified string and escapes it for safe use in HTML output.
esc_html_e()

Translates specified string and escape/clears it for showing on screen - replaces special characters in it with HTML entities.
esc_js()

Escapes string for save use in JavaScript. Escape single quotes, htmlspecialchar " < > &, and fix line endings.
esc_sql()

Prepares data for use in a MySQL query. Protects against SQL injections. May accept an array of strings for processing.
esc_textarea()

Escaping text / string for use in html textarea tag.
esc_url()

Cleans a URL for use in text, fixes incorrect and removes unsafe characters.
esc_url_raw()

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.
tag_escape()

Cleans an HTML tag name. Removes all characters except a-zA-Z0-9_:. Converts the string to lowercase (lowercase letters).
urlencode_deep()

Iterates over all elements of the array and processes all values with the function urlencode(). A string can also be passed.
wp_specialchars_decode()

Converts (decodes) HTML entities to their HTML characters. Changes only: &, <, >, ", '
wp_strip_all_tags()

Removes all HTML tags from passed content. Script/Style tags removed with their content.