sanitize_post_field

Sanitize post field based on context.

Description

sanitize_post_field( (string) $field, (mixed) $value, (int) $post_id, (string) $context = 'display' );

Possible context values are: raw,, edit , db, display, attribute and js. The display context is used by default. attribute and js contexts are treated like display when calling filters.

Parameters (4)

0. $field (string): The Post Object field name.
1. $value (mixed): The Post Object value.
2. $post_id (int): The post id.
3. $context — Optional. (string) => 'display': How to sanitize post fields. Looks for raw,, edit , db., display, attribute and js. Default display.

Usage

if ( !function_exists( 'sanitize_post_field' ) ) { 
    require_once ABSPATH . WPINC . '/post.php'; 
} 
  
// The Post Object field name. 
$field = ''; 
  
// The Post Object value. 
$value = null; 
  
// The post id. 
$post_id = -1; 
  
// Optional. How to sanitize post fields. Looks for 'raw', 'edit', 
// 'db', 'display', 'attribute' and 'js'. Default 'display'. 
$context = 'display'; 
  
// NOTICE! Understand what this does before running. 
$result = sanitize_post_field($field, $value, $post_id, $context);

Defined (1)

The function is defined in the following location(s).

/wp-includes/post.php

function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { 
    $int_fields = array('ID', 'post_parent', 'menu_order'); 
    if ( in_array($field, $int_fields) ) 
        $value = (int) $value; 
 
    // Fields which contain arrays of integers. 
    $array_int_fields = array( 'ancestors' ); 
    if ( in_array($field, $array_int_fields) ) { 
        $value = array_map( 'absint', $value); 
        return $value; 
    } 
 
    if ( 'raw' == $context ) 
        return $value; 
 
    $prefixed = false; 
    if ( false !== strpos($field, 'post_') ) { 
        $prefixed = true; 
        $field_no_prefix = str_replace('post_', '', $field); 
    } 
 
    if ( 'edit' == $context ) { 
        $format_to_edit = array('post_content', 'post_excerpt', 'post_title', 'post_password'); 
 
        if ( $prefixed ) { 
 
            /** 
             * Filters the value of a specific post field to edit. 
             * 
             * The dynamic portion of the hook name, `$field`, refers to the post 
             * field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed $value   Value of the post field. 
             * @param int   $post_id Post ID. 
             */ 
            $value = apply_filters( "edit_{$field}", $value, $post_id ); 
 
            /** 
             * Filters the value of a specific post field to edit. 
             * 
             * The dynamic portion of the hook name, `$field_no_prefix`, refers to 
             * the post field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed $value   Value of the post field. 
             * @param int   $post_id Post ID. 
             */ 
            $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id ); 
        } else { 
            $value = apply_filters( "edit_post_{$field}", $value, $post_id ); 
        } 
 
        if ( in_array($field, $format_to_edit) ) { 
            if ( 'post_content' == $field ) 
                $value = format_to_edit($value, user_can_richedit()); 
            else 
                $value = format_to_edit($value); 
        } else { 
            $value = esc_attr($value); 
        } 
    } elseif ( 'db' == $context ) { 
        if ( $prefixed ) { 
 
            /** 
             * Filters the value of a specific post field before saving. 
             * 
             * The dynamic portion of the hook name, `$field`, refers to the post 
             * field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed $value Value of the post field. 
             */ 
            $value = apply_filters( "pre_{$field}", $value ); 
 
            /** 
             * Filters the value of a specific field before saving. 
             * 
             * The dynamic portion of the hook name, `$field_no_prefix`, refers 
             * to the post field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed $value Value of the post field. 
             */ 
            $value = apply_filters( "{$field_no_prefix}_save_pre", $value ); 
        } else { 
            $value = apply_filters( "pre_post_{$field}", $value ); 
 
            /** 
             * Filters the value of a specific post field before saving. 
             * 
             * The dynamic portion of the hook name, `$field`, refers to the post 
             * field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed $value Value of the post field. 
             */ 
            $value = apply_filters( "{$field}_pre", $value ); 
        } 
    } else { 
 
        // Use display filters by default. 
        if ( $prefixed ) { 
 
            /** 
             * Filters the value of a specific post field for display. 
             * 
             * The dynamic portion of the hook name, `$field`, refers to the post 
             * field name. 
             * 
             * @since 2.3.0 
             * 
             * @param mixed  $value   Value of the prefixed post field. 
             * @param int    $post_id Post ID. 
             * @param string $context Context for how to sanitize the field. Possible 
             *                        values include 'raw', 'edit', 'db', 'display',  
             *                        'attribute' and 'js'. 
             */ 
            $value = apply_filters( $field, $value, $post_id, $context ); 
        } else { 
            $value = apply_filters( "post_{$field}", $value, $post_id, $context ); 
        } 
 
        if ( 'attribute' == $context ) { 
            $value = esc_attr( $value ); 
        } elseif ( 'js' == $context ) { 
            $value = esc_js( $value ); 
        } 
    } 
 
    return $value; 
}