Wordpressframework~30 mins

Data sanitization in Wordpress - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Data Sanitization in WordPress

📖 Scenario: You are building a WordPress plugin that accepts user input from a form. To keep your site safe and clean, you need to sanitize the data before saving it.

🎯 Goal: Learn how to use WordPress functions to sanitize different types of user input before processing or saving it.

📋 What You'll Learn

Create variables with example user input data

Add a configuration variable for allowed HTML tags

Sanitize the user input using WordPress sanitization functions

Prepare the sanitized data for safe output or storage

💡 Why This Matters

🌍 Real World

Sanitizing user input is essential to protect WordPress sites from malicious code and keep data clean.

💼 Career

Understanding WordPress data sanitization is important for plugin and theme developers to build secure and reliable websites.

Progress0 / 4 steps

Create user input variables

Create three variables with these exact names and values:
$user_name = "John Doe";, $user_email = "john@example.com";, $user_bio = "I love coding!";

Wordpress

# Create variables for user input data
# Your code here

Need a hint?

Use simple PHP variables with the exact names and values given.

Define allowed HTML tags

Create a variable called $allowed_tags and set it to an array allowing only <b> and <i> tags.

Wordpress

$user_name = "John Doe";
$user_email = "john@example.com";
$user_bio = "I love alert('hack'); coding!";

# Define allowed HTML tags
# Your code here

Need a hint?

Use an associative array with tag names as keys and empty arrays as values.

Sanitize the user input

Sanitize the variables using WordPress functions:
Use wp_kses() with $allowed_tags for $user_name,
use sanitize_email() for $user_email,
and use wp_kses() with $allowed_tags for $user_bio. Store results in $clean_name, $clean_email, and $clean_bio respectively.

Wordpress

$user_name = "John Doe";
$user_email = "john@example.com";
$user_bio = "I love alert('hack'); coding!";

$allowed_tags = array('b' => array(), 'i' => array());

# Sanitize user input variables
# Your code here

Need a hint?

Use the exact function names and variable names as given.

Prepare sanitized data for output

Create an array called $sanitized_data with keys 'name', 'email', and 'bio' holding the sanitized variables $clean_name, $clean_email, and $clean_bio respectively.

Wordpress

$user_name = "John Doe";
$user_email = "john@example.com";
$user_bio = "I love alert('hack'); coding!";

$allowed_tags = array('b' => array(), 'i' => array());

$clean_name = wp_kses($user_name, $allowed_tags);
$clean_email = sanitize_email($user_email);
$clean_bio = wp_kses($user_bio, $allowed_tags);

# Create an array with sanitized data
# Your code here

Need a hint?

Use an associative array with the exact keys and values as specified.