esc_url() (filtering links)
Many URLs contain minor errors. Use the esc_url() function to correct or block these errors and to reject unsafe protocols.
What the esc_url() function does:
Rejects URLs whose protocol is not on the allowed list (by default: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet)
Removes invalid and dangerous characters
Converts characters to HTML entities
How to use
esc_url( $url, $protocols, $_context );
Parameters
$url
(String) (required) URL to be filtered.
Default value: None
$protocols
(array) (optional) An array of accepted protocols. If not set, the default is: http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet.
Default value: None
$_context
(String) (optional) How to return the URL.
Default: (String) display
Return value
(String) Returns the filtered link.
Example
<?php echo esc_url( 'www.endskin.com' ); // Output: http://www.endskin.com ?>
More
This function is located at: wp-includes/formatting.php
esc_sql() (filter SQL statements)
esc_sql() filters strings before they are added to an SQL statement, to prevent SQL injection and to keep the data from interfering with the statement and causing errors.
Usage
esc_sql( $data );
Parameters
$data
(String) (Required) The string to filter.
Default value: None
Return value
(String) Returns the filtered string, which can be added directly to the SQL statement.
Example
global $wpdb;
$name   = esc_sql( $name );
$status = esc_sql( $status );
// The escaped values are placed inside single quotes in the statement.
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
More
This function is located at: wp-includes/formatting.php
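The two functions used together, as an added example that is not part of the original page or of WordPress itself. It assumes a loaded WordPress environment (for instance `wp eval-file`); the wp_demo_* names, the sample URLs and the choice of the core posts table are illustrative assumptions.

```php
<?php
// Added example; the wp_demo_* names are hypothetical.

// Return a safe href for a user-supplied link, or '' if it must not be rendered.
function wp_demo_safe_href( $raw_url ) {
    // Narrow the allow-list: a profile link has no reason to be ftp:, telnet:, etc.
    // esc_url() returns an empty string when the protocol is not in the list,
    // so the caller must check for '' instead of printing an empty href.
    return esc_url( trim( (string) $raw_url ), array( 'http', 'https' ) );
}

// esc_sql() variant: only safe because every escaped value sits inside quotes.
function wp_demo_count_posts( $title, $status, $author_id ) {
    global $wpdb;
    $title  = esc_sql( $title );
    $status = esc_sql( $status );
    // A numeric value is not quoted in the statement, so escaping does not
    // protect it. Force it to a non-negative integer instead.
    $author_id = absint( $author_id );
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$wpdb->posts}
         WHERE post_title = '$title' AND post_status = '$status'
           AND post_author = $author_id"
    );
}

// Same query with placeholders: $wpdb->prepare() quotes %s and casts %d itself.
function wp_demo_count_posts_prepared( $title, $status, $author_id ) {
    global $wpdb;
    return (int) $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM {$wpdb->posts}
             WHERE post_title = %s AND post_status = %s AND post_author = %d",
            $title, $status, $author_id
        )
    );
}

// Constructed sample input, not taken from the page.
$samples = array( 'www.example.com', 'https://example.com/a?b=1&c=2',
                  'mailto:user@example.com', 'javascript:void(0)' );
foreach ( $samples as $raw ) {
    $href = wp_demo_safe_href( $raw );
    echo ( '' === $href ) ? "rejected: $raw\n" : "accepted: $href\n";
}
echo wp_demo_count_posts( "O'Reilly", 'publish', '7' ), "\n";
echo wp_demo_count_posts_prepared( "O'Reilly", 'publish', '7' ), "\n";
```

Both query functions return the same count; the prepared form does not rely on the author remembering the quotes around each escaped value.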