sanitize_post_field

Sanitize post field based on context.

Description

sanitize_post_field( (string) $field, (mixed) $value, (int) $post_id, (string) $context = 'display' ); 

Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The 'display' context is used by default. The 'attribute' and 'js' contexts are treated like 'display' when calling filters; they differ only in the escaping applied afterwards.

Parameters (4)

0. $field (string)
The Post Object field name.
1. $value (mixed)
The Post Object value.
2. $post_id (int)
The post id.
3. $context — Optional. (string) => 'display'
How to sanitize post fields. Looks for 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. Default 'display'.

Usage

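  // Load the defining file only when the function is not already available
  // (the original snippet left this `if` block unclosed).
  if ( ! function_exists( 'sanitize_post_field' ) ) {
      require_once ABSPATH . WPINC . '/post.php';
  }

  // The Post Object field name, e.g. 'post_title'.
  $field = '';

  // The Post Object value.
  $value = null;

  // The post id.
  $post_id = -1;

  // Optional. How to sanitize post fields. Looks for 'raw', 'edit',
  // 'db', 'display', 'attribute' and 'js'. Default 'display'.
  // Note: 'display' runs filters only; pick 'attribute' or 'js' when the
  // result is placed in an HTML attribute or a JavaScript string.
  $context = 'display';

  // NOTICE! Understand what this does before running.
  $result = sanitize_post_field( $field, $value, $post_id, $context );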

Defined (1)

The function is defined in the following location(s).

/wp-includes/post.php  
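  /**
   * Sanitizes a single post field value for the given context.
   *
   * Behaviour by field / context (all visible in the body below):
   * - 'ID', 'post_parent' and 'menu_order' are cast to int before any
   *   context handling, so even 'raw' returns an int for them.
   * - 'ancestors' is mapped through absint() and returned immediately,
   *   regardless of $context.
   * - 'raw' returns the (possibly int-cast) value with no filters applied.
   * - 'edit' runs the edit filters, then format_to_edit() for content,
   *   excerpt, title and password, and esc_attr() for every other field.
   * - 'db' runs the pre-save filters only; no escaping is applied.
   * - 'display' (default), 'attribute' and 'js' run the display filters;
   *   only 'attribute' (esc_attr) and 'js' (esc_js) escape the result, so
   *   a 'display' value still has to be escaped for its output context by
   *   the caller.
   *
   * A field is considered "prefixed" when it contains 'post_' anywhere in
   * its name (substring match, not a prefix check); the unprefixed hook
   * names strip every occurrence of 'post_'.
   *
   * Comparisons are strict so that a non-string $field or $context cannot
   * loosely match a context name (e.g. 'raw') and bypass sanitization.
   *
   * @param string $field   The Post Object field name.
   * @param mixed  $value   The Post Object value.
   * @param int    $post_id The post ID.
   * @param string $context Optional. 'raw', 'edit', 'db', 'display',
   *                        'attribute' or 'js'. Default 'display'.
   * @return mixed Sanitized value.
   */
  function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) {
      $int_fields = array( 'ID', 'post_parent', 'menu_order' );
      if ( in_array( $field, $int_fields, true ) ) {
          $value = (int) $value;
      }

      // Fields which contain arrays of integers.
      $array_int_fields = array( 'ancestors' );
      if ( in_array( $field, $array_int_fields, true ) ) {
          $value = array_map( 'absint', $value );
          return $value;
      }

      if ( 'raw' === $context ) {
          return $value;
      }

      $prefixed        = false;
      $field_no_prefix = '';
      // Substring match, kept as in the original: any 'post_' in the name counts.
      if ( false !== strpos( $field, 'post_' ) ) {
          $prefixed        = true;
          $field_no_prefix = str_replace( 'post_', '', $field );
      }

      if ( 'edit' === $context ) {
          $format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' );

          if ( $prefixed ) {

              /**
               * Filters the value of a specific post field to edit.
               *
               * The dynamic portion of the hook name, `$field`, refers to the post
               * field name.
               *
               * @since 2.3.0
               *
               * @param mixed $value   Value of the post field.
               * @param int   $post_id Post ID.
               */
              $value = apply_filters( "edit_{$field}", $value, $post_id );

              /**
               * Filters the value of a specific post field to edit.
               *
               * The dynamic portion of the hook name, `$field_no_prefix`, refers to
               * the post field name.
               *
               * @since 2.3.0
               *
               * @param mixed $value   Value of the post field.
               * @param int   $post_id Post ID.
               */
              $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id );
          } else {
              $value = apply_filters( "edit_post_{$field}", $value, $post_id );
          }

          if ( in_array( $field, $format_to_edit, true ) ) {
              if ( 'post_content' === $field ) {
                  // Content is prepared differently depending on the rich editor setting.
                  $value = format_to_edit( $value, user_can_richedit() );
              } else {
                  $value = format_to_edit( $value );
              }
          } else {
              $value = esc_attr( $value );
          }
      } elseif ( 'db' === $context ) {
          if ( $prefixed ) {

              /**
               * Filters the value of a specific post field before saving.
               *
               * The dynamic portion of the hook name, `$field`, refers to the post
               * field name.
               *
               * @since 2.3.0
               *
               * @param mixed $value Value of the post field.
               */
              $value = apply_filters( "pre_{$field}", $value );

              /**
               * Filters the value of a specific field before saving.
               *
               * The dynamic portion of the hook name, `$field_no_prefix`, refers
               * to the post field name.
               *
               * @since 2.3.0
               *
               * @param mixed $value Value of the post field.
               */
              $value = apply_filters( "{$field_no_prefix}_save_pre", $value );
          } else {
              $value = apply_filters( "pre_post_{$field}", $value );

              /**
               * Filters the value of a specific post field before saving.
               *
               * The dynamic portion of the hook name, `$field`, refers to the post
               * field name.
               *
               * @since 2.3.0
               *
               * @param mixed $value Value of the post field.
               */
              $value = apply_filters( "{$field}_pre", $value );
          }
      } else {

          // Use display filters by default.
          if ( $prefixed ) {

              /**
               * Filters the value of a specific post field for display.
               *
               * The dynamic portion of the hook name, `$field`, refers to the post
               * field name.
               *
               * @since 2.3.0
               *
               * @param mixed  $value   Value of the prefixed post field.
               * @param int    $post_id Post ID.
               * @param string $context Context for how to sanitize the field. Possible
               *                        values include 'raw', 'edit', 'db', 'display',
               *                        'attribute' and 'js'.
               */
              $value = apply_filters( $field, $value, $post_id, $context );
          } else {
              $value = apply_filters( "post_{$field}", $value, $post_id, $context );
          }

          // Only these two contexts escape; plain 'display' leaves escaping to the caller.
          if ( 'attribute' === $context ) {
              $value = esc_attr( $value );
          } elseif ( 'js' === $context ) {
              $value = esc_js( $value );
          }
      }

      return $value;
  }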