esc_url() (Filtering links)
Many URLs will have some minor errors. Use the esc_url() function to block or correct these errors and reject unsafe protocols.
What the esc_url() function does:
Reject URLs that are not the following protocols by default: defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet
Remove invalid characters and dangerous ones Character
Convert characters into HTML entity characters
Usage
esc_url( $url, $protocols, $_context );
Parameters
$url
(string) (required) The URL to be filtered.
Default value: None
$protocols
( Array) (optional) An array of protocols that can be received. If not set, the default is: defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed and telnet.
Default: None
$_context
(String) (optional) How to return the URL.
Default value: (String) display
Return value
(String) Returns the filtered link.
Example
<?php echo esc_url( 'www.endskin.com' );//输出:http://www.endskin.com ?>
More
This function is located at: wp-includes/formatting.php
esc_sql() (filter Sql statement)
esc_sql() is used to filter the string to be added to the Sql statement , to prevent Sql injection and Sql statements from being interfered with by data and causing exceptions.
Usage
esc_sql( $data );
Parameters
$data
(String) (required) The string to filter.
Default value: None
Return value
(String) Returns the filtered string, which can be added directly to the Sql statement.
Example
$name = esc_sql( $name ); $status = esc_sql( $status ); $wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
More
This function is located at: wp-includes/formatting.php
The above has introduced a detailed explanation of the methods of filtering links and filtering SQL statements in WordPress, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.