Thanks for raising this @Sarah, I was wondering the same thing.
Skimming through the code it looks like most of the actual data saving seems to be via prepared statements or sql escaped sql code (@Elliot is that right??) so I think you’re right in thinking that it’s the output escaping that needs to be watched out for…
The approach I’m taking now is following the codex guide on output sanitisation (http://codex.wordpress.org/Data_Validation).
So for anything on the form that needs to contain some html I’m using wp_kses() or wp_kses_post(), anything that comes from a field not allowed to have html tags gets echoed through esc_html()
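A worked rendering of the approach described in this reply, added here as an example and not part of the original post. It assumes hypothetical ACF field names (display_name, website, avatar_url, bio, summary); get_field() is ACF's own API, and esc_html(), esc_attr(), esc_url(), wp_kses() and wp_kses_post() are WordPress core.

```php
<?php
// Added example, not code from the original post: output values submitted
// through an ACF front-end form, escaping each one for the context it lands in.
// get_field() is ACF's API; the esc_*() and wp_kses*() functions are WordPress
// core. Field names are hypothetical.

/**
 * Tags and attributes a "bio" field may keep. A short allow-list like this is
 * stricter than wp_kses_post(), which permits everything a post body may hold.
 */
function member_bio_allowed_html() {
    return array(
        'p'      => array(),
        'strong' => array(),
        'em'     => array(),
        'a'      => array( 'href' => array(), 'rel' => array() ),
    );
}

/**
 * Print a member card for the given post. Each value is escaped once, at the
 * moment it is output, with the function that matches where it is printed.
 */
function render_member_card( $post_id ) {
    $name    = get_field( 'display_name', $post_id ); // plain text field
    $website = get_field( 'website', $post_id );      // URL field, printed as href and text
    $avatar  = get_field( 'avatar_url', $post_id );   // URL field, printed in an attribute
    $bio     = get_field( 'bio', $post_id );          // WYSIWYG field, limited HTML allowed
    $summary = get_field( 'summary', $post_id );      // WYSIWYG field, full post HTML allowed
    ?>
    <div class="member" data-name="<?php echo esc_attr( $name ); ?>">
        <img src="<?php echo esc_url( $avatar ); ?>" alt="<?php echo esc_attr( $name ); ?>">
        <h2><?php echo esc_html( $name ); ?></h2>
        <a href="<?php echo esc_url( $website ); ?>"><?php echo esc_html( $website ); ?></a>
        <?php
        // wp_kses() drops anything outside the allow-list, so a <script> block
        // or an on* event attribute in the submitted bio does not reach the page.
        echo wp_kses( $bio, member_bio_allowed_html() );
        // wp_kses_post() keeps the broader tag set a post body may contain.
        echo wp_kses_post( $summary );
        ?>
    </div>
    <?php
}
```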