sanitize_text_field() WordPress Function

The sanitize_text_field() function is a built-in function in WordPress that is used to clean up data before saving it to the database. It is used to remove unwanted characters from a string, such as special characters, HTML tags, and excessive whitespace. This function can be used on both the front-end and back-end of WordPress.

sanitize_text_field( string $str ) #

Sanitizes a string from user input or from the database.

Contents

Description

  • Checks for invalid UTF-8,
  • Converts single < characters to entities
  • Strips all tags
  • Removes line breaks, tabs, and extra whitespace
  • Strips octets

Top ↑

See also

Top ↑

Parameters

$str

(string)(Required)String to sanitize.

Top ↑

Return

(string) Sanitized string.

Top ↑

More Information

Basic Usage

<?php sanitize_text_field( $str ) ?>

Top ↑

Source

File: wp-includes/formatting.php

function sanitize_text_field( $str ) {
	$filtered = _sanitize_text_fields( $str, false );

	/**
	 * Filters a sanitized text field string.
	 *
	 * @since 2.9.0
	 *
	 * @param string $filtered The sanitized string.
	 * @param string $str      The string prior to being sanitized.
	 */
	return apply_filters( 'sanitize_text_field', $filtered, $str );
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/formatting.php:_sanitize_text_fields()

Internal helper function to sanitize a string from user input or from the database.

wp-includes/formatting.php:sanitize_text_field

Filters a sanitized text field string.

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By

Used By
Used ByDescription
wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php:WP_REST_Pattern_Directory_Controller::prepare_item_for_response()

Prepare a raw block pattern before it gets output in a REST API response.

wp-includes/rest-api/endpoints/class-wp-rest-site-health-controller.php:WP_REST_Site_Health_Controller::get_directory_sizes()

Gets the current directory sizes for this install.

wp-includes/class-wp-application-passwords.php:WP_Application_Passwords::create_new_application_password()

Creates a new application password.

wp-includes/class-wp-application-passwords.php:WP_Application_Passwords::update_application_password()

Updates an application password.

wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php:WP_REST_Plugins_Controller::sanitize_plugin_param()

Sanitizes the “plugin” parameter to be a proper plugin file with “.php” appended.

wp-includes/sitemaps/class-wp-sitemaps.php:WP_Sitemaps::render_sitemaps()

Renders sitemap templates based on rewrite rules.

wp-admin/includes/ajax-actions.php:wp_ajax_toggle_auto_updates()

Ajax handler to enable or disable plugin and theme auto-updates.

wp-admin/includes/class-wp-debug-data.php:WP_Debug_Data::debug_data()

Static function for generating site debug data when required.

wp-admin/includes/ajax-actions.php:wp_ajax_health_check_get_sizes()

Ajax handler for site health check to get directories and database sizes.

wp-includes/l10n.php:determine_locale()

Determine the current locale desired for the request.

wp-admin/includes/class-wp-privacy-requests-table.php:WP_Privacy_Requests_Table::get_views()

Get an associative array ( id => link ) with the list of views available on this table.

wp-admin/includes/class-wp-privacy-requests-table.php:WP_Privacy_Requests_Table::prepare_items()

Prepare items to output.

wp-admin/includes/privacy-tools.php:_wp_personal_data_handle_actions()

Handle list table actions.

wp-includes/class-wp-customize-manager.php:WP_Customize_Manager::handle_load_themes_request()

Loads themes into the theme browsing/installation UI.

wp-includes/widgets/class-wp-widget-custom-html.php:WP_Widget_Custom_HTML::update()

Handles updating settings for the current Custom HTML widget instance.

wp-includes/rest-api.php:rest_sanitize_value_from_schema()

Sanitize a value based on a schema.

wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php:WP_REST_Attachments_Controller::create_item()

Creates a single attachment.

wp-admin/includes/ajax-actions.php:wp_ajax_delete_plugin()

Ajax handler for deleting a plugin.

wp-includes/customize/class-wp-customize-nav-menu-setting.php:WP_Customize_Nav_Menu_Setting::sanitize()

Sanitize an input.

wp-includes/customize/class-wp-customize-nav-menu-item-setting.php:WP_Customize_Nav_Menu_Item_Setting::sanitize()

Sanitize an input.

wp-includes/class-wp-customize-nav-menus.php:WP_Customize_Nav_Menus::ajax_search_available_items()

Ajax handler for searching available menu items.

wp-admin/includes/ajax-actions.php:wp_ajax_update_plugin()

Ajax handler for updating a plugin.

wp-signup.php:validate_another_blog_signup()

Validates a new site sign-up for an existing user.

wp-signup.php:validate_blog_signup()

Validates new site signup.

wp-admin/includes/user.php:edit_user()

Edit user settings based on contents of $_POST

wp-admin/includes/media.php:media_handle_upload()

Saves a file submitted from a POST request and create an attachment post for it.

wp-admin/includes/post.php:edit_post()

Updates an existing post with values provided in $_POST.

wp-admin/includes/ajax-actions.php:wp_ajax_save_attachment()

Ajax handler for updating attachment attributes.

wp-includes/class-wp-customize-manager.php:WP_Customize_Manager::save()

Handles customize_save WP Ajax request to save/update a changeset.

wp-includes/widgets/class-wp-nav-menu-widget.php:WP_Nav_Menu_Widget::update()

Handles updating settings for the current Navigation Menu widget instance.

wp-includes/widgets/class-wp-widget-recent-comments.php:WP_Widget_Recent_Comments::update()

Handles updating settings for the current Recent Comments widget instance.

wp-includes/widgets/class-wp-widget-tag-cloud.php:WP_Widget_Tag_Cloud::update()

Handles updating settings for the current Tag Cloud widget instance.

wp-includes/widgets/class-wp-widget-recent-posts.php:WP_Widget_Recent_Posts::update()

Handles updating the settings for the current Recent Posts widget instance.

wp-includes/widgets/class-wp-widget-categories.php:WP_Widget_Categories::update()

Handles updating settings for the current Categories widget instance.

wp-includes/widgets/class-wp-widget-text.php:WP_Widget_Text::update()

Handles updating settings for the current Text widget instance.

wp-includes/widgets/class-wp-widget-calendar.php:WP_Widget_Calendar::update()

Handles updating settings for the current Calendar widget instance.

wp-includes/widgets/class-wp-widget-meta.php:WP_Widget_Meta::update()

Handles updating settings for the current Meta widget instance.

wp-includes/widgets/class-wp-widget-archives.php:WP_Widget_Archives::update()

Handles updating settings for the current Archives widget instance.

wp-includes/widgets/class-wp-widget-search.php:WP_Widget_Search::update()

Handles updating settings for the current Search widget instance.

wp-includes/widgets/class-wp-widget-pages.php:WP_Widget_Pages::update()

Handles updating settings for the current Pages widget instance.

wp-includes/user.php:register_new_user()

Handles registering a new user.

wp-includes/post-template.php:wp_page_menu()

Displays or retrieves a list of pages with an optional home link.

Show 37 more used byHide more used by

Top ↑

Changelog

Changelog
VersionDescription
2.9.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.

Show More