Detailed explanation of the use of filter attributes and functions of Sql statements in WordPress development

esc_attr() (filter attribute)
Generally when writing the tag attribute of Html code, it will be in the following format:

<input type="text" name="rep" value="rep_value" />

What if the value attribute is output dynamically?

<input type="text" name="rep" value="<&#63;php echo get_option( 'rep_value' ); &#63;>" />

However, if the dynamically output attributes contain special characters such as double quotes and angle brackets, the Html code will be disrupted. In this case, you can use the esc_attr() function to escape the output attributes.

Usage

esc_attr( $text );

Parameters

$text (String) (required) The string to be escaped. Default value: None

Return value

Returns the escaped string.

Example

<input type="text" name="rep" value="<&#63;php echo esc_attr( get_option( 'rep_value' ) ); &#63;>" />

Others

This function is located at: wp-includes/formatting.php

esc_sql() (filter Sql statement)
esc_sql() is used to filter the strings to be added to the Sql statement to prevent Exceptions occur when Sql injection and Sql statements are interfered with by data.

Usage

esc_sql( $data );

Parameters

$data

(String) (required) The string to filter.

Default value: None

Return value

(String) Returns the filtered string, which can be added directly to the Sql statement.

Example

$name = esc_sql( $name );
$status = esc_sql( $status );
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );

More

This function is located at: wp-includes/formatting.php

The above has introduced a detailed explanation of the use of filter attributes and Sql statement functions in WordPress development, including the relevant aspects. I hope it will be helpful to friends who are interested in PHP tutorials.