esc_attr() (filter attribute)
An HTML tag attribute is normally written with a fixed value, in the following format:
<input type="text" name="rep" value="rep_value" />
What if the value attribute is output dynamically?
<input type="text" name="rep" value="<?php echo get_option( 'rep_value' ); ?>" />
However, if the dynamically output value contains special characters such as double quotes or angle brackets, the HTML code will be disrupted. In this case, use the esc_attr() function to escape the value before it is output.
How to use
esc_attr( $text );
Parameters
$text (String) (Required) The string to be escaped. Default value: None
Return value
Returns the escaped string.
Example
<input type="text" name="rep" value="<?php echo esc_attr( get_option( 'rep_value' ) ); ?>" />
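The effect described above, as an added example that is not part of the original page: it renders the field with and without esc_attr() and parses both results to check whether the value attribute comes back unchanged. It runs without WordPress; the fallback esc_attr() (an approximation built on htmlspecialchars()), the helper rep_input_attributes() and the sample value are assumptions of this example, and PHP's DOM extension is required.

```php
<?php
// Added example: stand-alone, runs without WordPress.
// Assumption: outside WordPress, esc_attr() is approximated with htmlspecialchars().
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        // ENT_QUOTES encodes both " and '; the final false leaves existing entities alone.
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
    }
}

// Hypothetical helper: parse the markup and return the attributes of the first <input>.
function rep_input_attributes( $html ) {
    $doc = new DOMDocument();
    libxml_use_internal_errors( true ); // tolerate the broken markup in the raw case
    $doc->loadHTML( '<!DOCTYPE html><html><body>' . $html . '</body></html>' );
    libxml_clear_errors();

    $attrs = array();
    $input = $doc->getElementsByTagName( 'input' )->item( 0 );
    if ( $input ) {
        foreach ( $input->attributes as $attr ) {
            $attrs[ $attr->name ] = $attr->value;
        }
    }
    return $attrs;
}

// Constructed sample value containing a double quote and angle brackets.
$stored = 'He said "hi" <b>';

$raw     = '<input type="text" name="rep" value="' . $stored . '" />';
$escaped = '<input type="text" name="rep" value="' . esc_attr( $stored ) . '" />';

foreach ( array( 'raw' => $raw, 'escaped' => $escaped ) as $label => $html ) {
    $attrs = rep_input_attributes( $html );
    $same  = ( $attrs['value'] ?? null ) === $stored;

    printf( "%-8s %s\n", $label, $html );
    printf( "         value round-trips: %s\n", $same ? 'yes' : 'no' );
    printf( "         attributes seen:   %s\n", implode( ', ', array_keys( $attrs ) ) );
}
```

In the raw case the first double quote inside the data closes the value attribute early, so the parsed value no longer matches what was stored; in the escaped case the parser decodes the entities and returns the original string.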
Others
This function is located at: wp-includes/formatting.php
esc_sql() (filter SQL statements)
esc_sql() filters strings that are going to be added to SQL statements, to prevent SQL injection and to keep the data from interfering with the statement and causing errors.
Usage
esc_sql( $data );
Parameters
$data
(String) (Required) The string to filter.
Default value: None
Return value
(string) Returns the filtered string, which can be added directly to the SQL statement. The escaping only protects a value placed inside a quoted string, as in the example below.
Example
$name = esc_sql( $name );
$status = esc_sql( $status );
$wpdb->get_var( "SELECT something FROM table WHERE foo = '$name' and status = '$status'" );
More
This function is located at: wp-includes/formatting.php