sanitize_user_field

Sanitize user field based on context.

Description

sanitize_user_field( (string) $field, (mixed) $value, (int) $user_id, (string) $context ); 

Possible context values are: raw, edit, db, display, attribute and js. The display context is used by default. The attribute and js contexts are treated like display when calling filters.

Parameters (4)

0. $field (string)
The user Object field name.
1. $value (mixed)
The user Object value.
2. $user_id (int)
The user id.
3. $context (string)
How to sanitize user fields. Looks for raw, edit, db, display, attribute and js.

Usage

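  // Load the defining file only when the function is not already available.
  if ( !function_exists( 'sanitize_user_field' ) ) {
      require_once ABSPATH . WPINC . '/user.php';
  }

  // The user Object field name.
  $field = '';

  // The user Object value.
  $value = null;

  // The user id.
  $user_id = -1;

  // How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display',
  // 'attribute' and 'js'. Any other value, including this empty placeholder,
  // takes the display path.
  $context = '';

  // NOTICE! Understand what this does before running.
  // The result is escaped only for the context passed: 'raw' and 'db' apply no
  // escaping inside the function, and a value that is neither a string nor
  // numeric (null, array, object) comes back unchanged. Escape again at the
  // point of output if the context used here does not match it.
  $result = sanitize_user_field($field, $value, $user_id, $context);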

Defined (1)

The function is defined in the following location(s).

/wp-includes/user.php  
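  /**
   * Sanitize a single user field according to the context it will be used in.
   *
   * What this function itself escapes (everything else depends on the callbacks
   * hooked to the filters it fires):
   *  - 'raw':       returned as-is (only 'ID' is cast to int); no filters, no escaping.
   *  - 'edit':      edit filters, then esc_html() for 'description', esc_attr() otherwise.
   *  - 'db':        pre_ filters only; no escaping is applied here.
   *  - 'attribute': display filters, esc_url() for 'user_url', then esc_attr().
   *  - 'js':        display filters, esc_url() for 'user_url', then esc_js().
   *  - any other value (including 'display'): display filters, esc_url() for
   *    'user_url' only; other fields are not escaped by this function.
   *
   * Values that are neither strings nor numeric (arrays, objects, null, booleans)
   * are returned untouched in every context, so the result must not be assumed
   * to be output-safe.
   *
   * @param string $field   The user Object field name.
   * @param mixed  $value   The user Object value.
   * @param int    $user_id The user id.
   * @param string $context How to sanitize: 'raw', 'edit', 'db', 'display',
   *                        'attribute' or 'js'.
   * @return mixed The sanitized value.
   */
  function sanitize_user_field($field, $value, $user_id, $context) {
      $int_fields = array('ID');

      // Strict membership test: with a loose in_array() a boolean true $field
      // compares equal to 'ID' and the value would be cast to int.
      if ( in_array($field, $int_fields, true) ) {
          $value = (int) $value;
      }

      // Strict comparison: with ==, a boolean true $context equals 'raw' and
      // would return the value without any filtering or escaping.
      if ( 'raw' === $context ) {
          return $value;
      }

      // Non-scalar-like values are passed through unchanged.
      if ( !is_string($value) && !is_numeric($value) ) {
          return $value;
      }

      // Note: this matches 'user_' anywhere in the field name, not only as a
      // prefix; it decides which hook name is used below.
      $prefixed = false !== strpos( $field, 'user_' );

      if ( 'edit' === $context ) {
          if ( $prefixed ) {

              /** This filter is documented in wp-includes/post.php */
              $value = apply_filters( "edit_{$field}", $value, $user_id );
          } else {

              /**
               * Filters a user field value in the 'edit' context.
               *
               * The dynamic portion of the hook name, `$field`, refers to the prefixed user
               * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
               *
               * @since 2.9.0
               *
               * @param mixed $value   Value of the prefixed user field.
               * @param int   $user_id User ID.
               */
              $value = apply_filters( "edit_user_{$field}", $value, $user_id );
          }

          // Escaping runs after the filters, so filter output is escaped too.
          if ( 'description' === $field ) {
              $value = esc_html( $value ); // textarea_escaped?
          } else {
              $value = esc_attr($value);
          }
      } elseif ( 'db' === $context ) {
          // Only the pre_ filters run here; no escaping function is called.
          if ( $prefixed ) {
              /** This filter is documented in wp-includes/post.php */
              $value = apply_filters( "pre_{$field}", $value );
          } else {

              /**
               * Filters the value of a user field in the 'db' context.
               *
               * The dynamic portion of the hook name, `$field`, refers to the prefixed user
               * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
               *
               * @since 2.9.0
               *
               * @param mixed $value Value of the prefixed user field.
               */
              $value = apply_filters( "pre_user_{$field}", $value );
          }
      } else {
          // Use display filters by default.
          if ( $prefixed ) {

              /** This filter is documented in wp-includes/post.php */
              $value = apply_filters( $field, $value, $user_id, $context );
          } else {

              /**
               * Filters the value of a user field in a standard context.
               *
               * The dynamic portion of the hook name, `$field`, refers to the prefixed user
               * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
               *
               * @since 2.9.0
               *
               * @param mixed  $value   The user object value to sanitize.
               * @param int    $user_id User ID.
               * @param string $context The context to filter within.
               */
              $value = apply_filters( "user_{$field}", $value, $user_id, $context );
          }
      }

      // Reached for every non-raw context, including 'edit' and 'db'.
      if ( 'user_url' === $field ) {
          $value = esc_url($value);
      }

      if ( 'attribute' === $context ) {
          $value = esc_attr( $value );
      } elseif ( 'js' === $context ) {
          $value = esc_js( $value );
      }

      return $value;
  }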