Reply To: Is sanitization required for front end form?

  • Ok, done some more digging/reading.

    The sanitize_meta function I mentioned above simply adds a filter that you can then hook to do custom sanitization. As per the codex function – it doesn’t do any sanitization itself. So that’s kind of irrelevant.

    However, further down, the actual DB update is done using $wpdb->update, which does escape the data.

    What I’m not entirely sure yet is whether one then needs to do any additional sanitization. Also whether I’m ok to use the_field, get_field etc as-is when outputting data, or whether these need escaping?

    This post was helpful: http://wordpress.stackexchange.com/questions/44807/sanitize-vimeo-embed-code
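
The filter hook and the output escaping asked about in the reply above, sketched as an added example that is not part of the original post or of the plugin's own code. It assumes WordPress with ACF active and a hypothetical plain-text field saved as post meta under the key `contact_note`; the `example_*` function names and the 500-character limit are made up for illustration.

```php
<?php
// Added example. Assumptions: WordPress + ACF are loaded, and a hypothetical
// text field is stored on posts under the meta key "contact_note".

// 1. Input side: sanitize_meta() applies the filter
//    "sanitize_{$meta_type}_meta_{$meta_key}", so this callback runs
//    whenever that post meta key is added or updated.
add_filter( 'sanitize_post_meta_contact_note', 'example_sanitize_contact_note' );

function example_sanitize_contact_note( $value ) {
    if ( ! is_string( $value ) ) {
        return ''; // a plain-text field should never receive arrays/objects
    }
    // Strips tags, line breaks and extra whitespace.
    $value = sanitize_text_field( $value );
    // Constructed length limit for this example.
    return mb_substr( $value, 0, 500 );
}

// 2. Output side: escape for the context the value lands in, regardless of
//    how it was stored.
function example_render_contact_note( $post_id ) {
    $note = get_field( 'contact_note', $post_id ); // ACF getter
    if ( ! is_string( $note ) || '' === $note ) {
        return '';
    }
    return sprintf(
        '<p class="contact-note" title="%s">%s</p>',
        esc_attr( $note ), // HTML attribute context
        esc_html( $note )  // HTML text context
    );
}
```

The escaping done by `$wpdb->update` protects the SQL statement only; it leaves any markup in the value intact, which is why the filter and the output escaping are handled separately here.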