sanitize_text_field() function do in WordPress?sanitize_text_field() does when processing user input.sanitize_text_field() removes HTML tags and encodes special characters to prevent malicious code from being saved or executed. It is used to clean plain text inputs.
echo $cleaned; output?<?php $input = "<script>alert('hack');</script>Hello <b>World</b>!"; $cleaned = sanitize_text_field($input); echo $cleaned; ?>
sanitize_text_field() removes from the input.sanitize_text_field() strips all HTML tags using wp_strip_all_tags() but retains the text content within them, resulting in 'alert('hack');Hello World!'.
$url before saving.esc_url_raw() is the correct function to sanitize URLs before saving them. It removes invalid or dangerous characters from URLs.
<?php
$email = $_POST['email'];
$clean_email = sanitize_email;
echo $clean_email($email);
?>The code assigns the function name to a variable but does not call it properly. It should call sanitize_email($email) directly.
$result after running this WordPress code?$result:<?php $input = "<a href='http://example.com'>Click</a> & <b>Bold</b>"; $step1 = wp_strip_all_tags($input); $step2 = sanitize_text_field($step1); $result = $step2; ?>
wp_strip_all_tags() removes all HTML tags leaving 'Click & Bold'. Then sanitize_text_field() trims and cleans but does not encode the ampersand, so the result is 'Click & Bold'.