Detailed explanation of how to filter links and filter SQL statements in WordPress
esc_url() (Filtering links)
Many URLs contain minor errors. The esc_url() function blocks or corrects these errors and rejects unsafe protocols.
What the esc_url() function does:
Rejects URLs whose protocol is not in the allowed list. The default list is: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet
Removes invalid and dangerous characters
Converts characters into HTML entities
Usage
esc_url( $url, $protocols, $_context );
Parameters
$url
(string) (required) The URL to be filtered.
Default value: None
$protocols
(Array) (optional) An array of acceptable protocols. If not set, the default is: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet.
Default value: None
$_context
(String) (optional) How to return the URL.
Default value: (String) display
Return value
(String) Returns the filtered link.
Example
<?php echo esc_url( 'www.endskin.com' ); // Output: http://www.endskin.com ?>
More
This function is located at: wp-includes/formatting.php
esc_sql() (Filtering SQL statements)
esc_sql() escapes a string that is going to be added to a SQL statement, to prevent SQL injection and to stop the data from interfering with the statement and causing errors.
Usage
esc_sql( $data );
Parameters
$data
(String) (required) The string to filter.
Default value: None
Return value
(String) Returns the filtered string, which can be added directly to the SQL statement.
Example
// Escape each value before placing it inside a quoted string in the query.
$name = esc_sql( $name );
$status = esc_sql( $status );
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
More
This function is located at: wp-includes/formatting.php
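An added example (not part of the original article or of WordPress itself) showing why the value returned by esc_sql() must sit inside quotes, as in the example above, and how $wpdb->prepare() handles the same input with typed placeholders. It assumes WordPress is already loaded, for example by running the file with WP-CLI's wp eval-file; the input values are constructed.

```php
<?php
// Added example. Assumption: WordPress is loaded, so $wpdb, esc_sql()
// and $wpdb->prepare() are available.
global $wpdb;

// Constructed sample input, as it might arrive from a request parameter.
$author = '1 OR 1=1';
$status = "publish' OR '1'='1";

// Quoted context: esc_sql() escapes the quotes in the value, so the whole
// value stays inside the string literal and is compared as data.
$safe_status = esc_sql( $status );
$quoted = "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_status = '$safe_status'";

// Unquoted context: the value contains nothing that esc_sql() escapes, so
// it comes back unchanged and becomes part of the WHERE condition.
// esc_sql() alone does not protect a value used outside quotes.
$unquoted = "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_author = " . esc_sql( $author );

// Hardened form: prepare() with typed placeholders. %d forces the value
// to an integer; %s is escaped and quoted by prepare() itself, so the
// placeholders are written without surrounding quotes.
$prepared = $wpdb->prepare(
    "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_author = %d AND post_status = %s",
    $author,
    $status
);

// Print the three statements to compare how each one treats the input.
foreach ( array( $quoted, $unquoted, $prepared ) as $sql ) {
    echo $sql, "\n";
}
```

Comparing the printed statements shows the difference: only the unquoted one lets the input change the structure of the query.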