sanitize_post()
Sanitize every post field.
If the context is 'raw', then the post object or array will get minimal sanitization of the integer fields.
Uses: sanitize_post_field()
1 time — 0.000089 sec (very fast) | 50000 times — 3.16 sec (fast)
No Hooks.
Return
Object|WP_Post|Array. The now sanitized post object or array (will be the same type as $post).
Usage
sanitize_post( $post, $context );
- $post (object|WP_Post|array) (required)
  The post object or array.
- $context (string)
  How to sanitize post fields. Accepts 'raw', 'edit', 'db', 'display', 'attribute', or 'js'.
  Default: 'display'
Examples
#1 Data Cleaning Example
Suppose we receive these posts in a $_POST request and need to clean them up before displaying each of them on the screen. This can be done field by field, but it is much handier to run the whole array through this function, like this:
$post_data = $_POST['post_data'];
$post_data = sanitize_post( $post_data );
Or for use in a SQL query:
$post_data = sanitize_post( $post_data, 'db' ); // NOTE: the result is NOT protected against SQL injection; escape or prepare it before it reaches a query
#2 Cleaning before adding to the database
Example based on the function wp_insert_post(); most of its code is removed here to show only the essence of the cleaning:
$postarr = $_POST['post_data'];

// delete data left over from a previous cleanup
unset( $postarr['filter'] );

// clean
$postarr = sanitize_post( $postarr, 'db' );

// collect $data from the $postarr parameters
.........

// Remove slashes; $wpdb->insert() escapes the values itself
$data = wp_unslash( $data );

// insert
$wpdb->insert( $wpdb->posts, $data );
#3 How the data is cleaned
// let $_POST['post_data'] have the following data:
$post_data = array(
	'ID'                    => '6129',
	'post_author'           => '1',
	'post_date'             => '2015-09-03 01:36:12',
	'post_content'          => 'Content " quote. <br> <foo>foo</foo> <script>something</script> ',
	'post_title'            => 'wp_get_post_revision',
	'post_status'           => 'publish',
	'comment_status'        => 'open',
	'post_name'             => 'wp_get_post_revision',
	'post_content_filtered' => '',
	'post_parent'           => '0',
	'menu_order'            => '0',
	'post_type'             => 'func',
	'comment_count'         => '0',
);

// output
foreach ( $post_data as $k => $v ) {
	echo "$k = (", gettype( $v ), ") " . htmlspecialchars( $v ) . "\n";
}

/* We get:
ID = (string) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content " quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (string) 0
menu_order = (string) 0
post_type = (string) func
comment_count = (string) 0
*/
Now let's see what the data looks like after cleaning in each context, paying attention to the types:
$post_data = sanitize_post( $post_data, 'raw' );
// raw ----------------
/*
ID = (integer) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content " quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (integer) 0
menu_order = (integer) 0
post_type = (string) func
comment_count = (string) 0
filter = (string) raw
*/

$post_data = sanitize_post( $post_data, 'edit' );
// edit ----------------
/*
ID = (string) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content " quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (string) 0
menu_order = (string) 0
post_type = (string) func
comment_count = (string) 0
filter = (string) edit
*/

$post_data = sanitize_post( $post_data, 'db' );
// db ----------------
/*
ID = (integer) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content " quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (integer) 0
menu_order = (integer) 0
post_type = (string) func
comment_count = (string) 0
filter = (string) db
*/

$post_data = sanitize_post( $post_data, 'display' );
// display ----------------
/*
ID = (integer) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content " quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (integer) 0
menu_order = (integer) 0
post_type = (string) func
comment_count = (string) 0
filter = (string) display
*/

$post_data = sanitize_post( $post_data, 'attribute' );
// attribute ----------------
/*
ID = (string) 6129
post_author = (string) 1
post_date = (string) 2015-09-03 01:36:12
post_content = (string) Content "quote. <br> <foo>foo</foo> <script>something</script>
post_title = (string) wp_get_post_revision
post_status = (string) publish
comment_status = (string) open
post_name = (string) wp_get_post_revision
post_content_filtered = (string)
post_parent = (string) 0
menu_order = (string) 0
post_type = (string) func
comment_count = (string) 0
filter = (string) js
*/
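The safe way to use the 'db' and 'display' contexts shown in examples #1 to #3, as an added example that is not part of the original page or of WordPress core. It assumes it runs inside WordPress (sanitize_post(), wp_unslash(), wp_kses_post(), esc_html(), esc_attr() and the global $wpdb are core APIs); the function names store_submitted_post() and render_post_card() are hypothetical, and the input array is the constructed $_POST['post_data'] from example #3.

```php
<?php
// Added example, not code from the original page or from WordPress core.
// Assumes WordPress is loaded: sanitize_post(), wp_unslash(), wp_kses_post(),
// esc_html(), esc_attr() and the global $wpdb are all core APIs.

/**
 * Clean request data in the 'db' context and store it with $wpdb->insert().
 * sanitize_post( ..., 'db' ) casts the integer fields and runs the db filters,
 * but it does NOT escape SQL: never interpolate its result into a query string.
 */
function store_submitted_post( array $raw, wpdb $wpdb ) {  // hypothetical helper
	unset( $raw['filter'] );                  // drop a stale context marker from an earlier run
	$clean = sanitize_post( $raw, 'db' );     // ID, post_parent, menu_order become int here
	unset( $clean['filter'] );                // 'filter' is not a column of wp_posts

	// Allow-list the columns we are willing to write; ignore anything else the client sent.
	$allowed = array( 'post_author', 'post_date', 'post_content', 'post_title',
	                  'post_status', 'post_name', 'post_type', 'post_parent', 'menu_order' );
	$data = array_intersect_key( $clean, array_flip( $allowed ) );
	$data = wp_unslash( $data );              // $_POST arrives slashed in WordPress

	// WRONG: 'db' context gives no SQL-injection protection, so this would still be injectable:
	// $wpdb->query( "INSERT INTO {$wpdb->posts} (post_title) VALUES ('{$data['post_title']}')" );

	// RIGHT: $wpdb->insert() quotes every value (for raw SQL use $wpdb->prepare()).
	$ok = $wpdb->insert( $wpdb->posts, $data );
	return $ok ? (int) $wpdb->insert_id : 0;
}

/**
 * Render a post for output. As example #3 shows, the 'display' context leaves
 * post_content untouched (the <script> tag survives), so escape at the point of output.
 */
function render_post_card( $post ) {          // hypothetical helper; $post is array or WP_Post
	$p = (array) sanitize_post( $post, 'display' );  // same type in, same type out; cast for access
	$html  = '<article data-post-id="' . esc_attr( $p['ID'] ) . '">';
	$html .= '<h2>' . esc_html( $p['post_title'] ) . '</h2>';
	// wp_kses_post() keeps allowed markup such as <br> and removes <script> and unknown <foo> tags
	$html .= '<div>' . wp_kses_post( $p['post_content'] ) . '</div>';
	$html .= '</article>';
	return $html;
}
```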
Changelog
Since 2.3.0: Introduced.