I am not understandinhg $wpdb->prepare correctly
I have a query that runs fine in raw PHP but I cannot run using $wpdb. I seem to be missing something in … Read more
escaping
Must I serialize/sanitize/escape array data before using set_transient?
Everything is in the question. For a notices system to show warnings/errors in the admin, I´m using transient. When I published my first … Read more
PHP sprintf escaping %
I want the following output:- About to deduct 50% of € 27.59 from your Top-Up account. when I do something like this:- $variablesArray[0] … Read more
How to properly escape a translated string?
I’m having trouble understanding how to escape a translated string with WordPress… The following piece of code is from the WordPress codex : … Read more
Sanitizing comments or escaping comment_text()
I’m creating a template for comments on my WordPress site. I noticed that a simple <script>alert(1);</script> slips through the default WP codex implementation … Read more
why is esc_html() returning nothing given a string containing a high-bit character?
In PHP 5.2, filter_var() sanitizes text. In WP, esc_html() sanitizes text. The former works with a high-bit character in the text string, e.g. … Read more
How can I escape a single quote?
How can I escape a ‘ (single quote) in HTML? This is where I’m trying to use it: <input type=”text” id=’abc’ value=”hel”lo’> The … Read more
How to escape double quotes in a title attribute
I am trying to use a string that contains double quotes in the title attribute of an anchor. So far I tried these: … Read more
Escaping single quote in PHP when inserting into MySQL [duplicate]
This question already has answers here: How can I prevent SQL injection in PHP? (28 answers) Closed 6 years ago. I have a … Read more
Prevent add_shortcode from escaping a tag
In my plugin, I’m rendering a shortcode with some inline JavaScript. WordPress seems to hate the closing CDATA tag (]]>), as it escapes … Read more