Cheat Code #2: wp_unslash All The Things

Reading Time: < 1 minute

You’re seeing this a month later than you could have. Sign up now to get development Cheat Codes just like this delivered directly into your inbox each week.

If you’ve worked with submitting form data in WordPress you may have run into issues with quotes being slashed. 

WordPress automatically escapes single and double quotes from any user input data as a security measure.

Let’s say a user enters their name as “Mike O’Reilly”. If you were to access that data directly with $_POST['name'] it would output “Mike O\’Reilly”.

WordPress provides the wp_unslash  function to remove those slashes for use in your code. Using wp_unslash( $_POST['name'] ); would output “Mike O’Reilly”.

If you setup your editor to follow the WordPress Coding Standards, you’ll see that it reminds you to use wp_unslash anytime you’re accessing $_POST data among other user input data.

More Reading:
Good explanation of why
Coding standards

Pin It on Pinterest