I have two fields. The first is for plain text (but with special characters) and the second is for HTML content (wp_editor is used). Both are later needed for PHPMailer.
    <textarea style="width:100%;height:200px;" name="doi-altbody"><?php echo $epn_doi_altbody; ?></textarea>
    wp_editor( $epn_doi_body, 'doi-body', array( 'editor_height' => '300px' ) );
1) How do I correctly secure them after submitting the form and then save them in the database in a custom table that already exists? (esc_attr, sanitize_text_field …)
2) And when I want to output the content from the database in the exact, original typed version: how do I do this? (wpautop …)
I have tried a few things in the last few days, but it never worked as I needed.
2 Answers
- Just use the wpdb insert and update API, no escaping or sanitizing needed as per the doc, just the raw data.
Data: (array) Data to replace (in column => value pairs). Both $data columns and $data values should be “raw” (neither should be SQL escaped).
Something like:
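    $wpdb->insert(
        $wpdb->prefix . "myTable",
        array(
            // WordPress adds slashes to $_POST; wp_unslash() gives back the raw value.
            "doiBody" => wp_unslash( $_POST['doi-body'] )
        ),
        array( "%s" ) // value is bound as a string in a prepared statement
    );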
- No wpautop use is needed if you are outputting into the wp_editor textarea, just an esc_attr( $output ) would be sufficient I believe.
Hope this helps somehow.
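
A save-and-redisplay round trip for the two fields from the question, as an added example that is not code from the question or the answer. The table `{$wpdb->prefix}epn_doi`, its columns `id`, `alt_body` and `html_body`, the single row with id 1, the nonce action `epn_doi_save`, the `manage_options` capability and both function names are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical names: table "{$wpdb->prefix}epn_doi" with a
// primary key "id" and columns alt_body/html_body, nonce action "epn_doi_save".

function epn_doi_save_fields() {
    global $wpdb;

    // Reject unauthorised or forged submissions before touching the data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.' );
    }
    check_admin_referer( 'epn_doi_save' );

    // WordPress adds slashes to $_POST; remove them so the stored text is what was typed.
    $alt  = isset( $_POST['doi-altbody'] ) ? wp_unslash( $_POST['doi-altbody'] ) : '';
    $html = isset( $_POST['doi-body'] ) ? wp_unslash( $_POST['doi-body'] ) : '';

    // Limit the HTML to the tags allowed in posts unless the user may post unfiltered HTML.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $html = wp_kses_post( $html );
    }

    // replace() binds the values in a prepared statement, so no SQL escaping here.
    $wpdb->replace(
        $wpdb->prefix . 'epn_doi',
        array( 'id' => 1, 'alt_body' => $alt, 'html_body' => $html ),
        array( '%d', '%s', '%s' )
    );
}

function epn_doi_render_fields() {
    global $wpdb;

    $row  = $wpdb->get_row( "SELECT alt_body, html_body FROM {$wpdb->prefix}epn_doi WHERE id = 1" );
    $alt  = $row ? $row->alt_body : '';
    $html = $row ? $row->html_body : '';

    wp_nonce_field( 'epn_doi_save' );

    // esc_textarea() encodes <, >, & and quotes, so stored text cannot close the
    // textarea, and the browser shows it exactly as it was typed.
    printf(
        '<textarea style="width:100%%;height:200px;" name="doi-altbody">%s</textarea>',
        esc_textarea( $alt )
    );

    // wp_editor() receives the stored HTML unchanged and formats it for the editor itself.
    wp_editor( $html, 'doi-body', array( 'editor_height' => 300 ) );
}
```

The plain-text field is stored unmodified apart from `wp_unslash()`, which keeps special characters intact; its protection comes from the prepared statement on the way in and `esc_textarea()` on the way out.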