Validation of variables in WordPress

You block advertising

Please disable ad blocker

Read more

Validation of variables in WordPress is more than necessary to ensure maximum protection for your site. According to statistics, WordPress is one of the most, if not most, hacked CMS system. Of course, the main reason is that WordPress is the most popular CMS and there are basically more sites on it than on others. But also the developer is often neglected to protect their websites and their customers’ websites. Today we will talk about the four most necessary functions for variable validation.

One of the most common functions for variable validation is esc_attr (). All the variables that you display in the templates must be cleared with this function:

$text = ‘some text’;
echo esc_attr( $text );

To validate url use esc_url ():

$url = ‘’;
echo esc_url( $url );

To safely work with databases, you need to validate the variable with esc_sql ():

$option = esc_sql( $key );
$wpdb->get_var( "SELECT meta_value FROM table WHERE meta_key = ‘$option’";

esc_html () replaces html tags and returns formatted text, often used to output text in a template:

echo esc_html(‘Some text’, ‘text_domain’);

Do not forget to use the above functions to make your site as secure as possible.

P.S. This is especially important if you create themes or plugins for ThemeForest or CodeCanyon.


If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.

Comments (0)
Leave a Reply

Your email address will not be published. Required fields are marked *