WordPress Plugin Security: Sanitizing Input

WordPress offers a variety of functions to sanitize input. Sanitizing is the process of transforming input into a standardized, expected format. This helps neutralize potentially unsafe data by converting it into a safe form before it is stored or processed. Sanitizing complements, but does not replace, validating input and escaping output.

The functions in the sanitize_*() family each perform a cleanup suited to one kind of data. One example is sanitize_email(). It validates the address in several steps and strips out characters that are not allowed in an e-mail address; among the checks it performs are:

  • Test for the minimum length an e-mail address can have
  • Test for the @ character that separates the local part from the domain
  • Test for invalid characters in the local and domain parts
  • Test for leading and trailing periods and whitespace in the domain part

If every check passes, the function returns the cleaned address. If any check fails, it returns an empty string, so the caller must test the return value before using it rather than assume a valid address came back. Because characters are stripped rather than rejected, the returned address may also differ from what the user submitted.

Other sanitizing functions apply different validation and conversion steps according to the context of the data they handle, so the function chosen should match the kind of value being sanitized.
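The following is an added example, not code from the original page or from WordPress itself. It shows a plugin settings sanitize callback that runs sanitize_email() on a submitted address, checks the empty-string failure result described above, and applies context-appropriate sanitizers to the other fields. It assumes it runs inside WordPress (sanitize_email(), sanitize_text_field(), absint(), register_setting(), add_settings_error() and get_option() are core functions); the option name myplugin_options, the settings group, and the field names are hypothetical.

```php
<?php
/**
 * Added example (not from the original page or WordPress core).
 * Assumes the WordPress core API is loaded. The option name
 * 'myplugin_options' and the field names are hypothetical.
 */

function myplugin_sanitize_options( $input ) {
	$clean    = array();
	$existing = get_option( 'myplugin_options', array() );

	$raw = isset( $input['contact_email'] ) ? trim( (string) $input['contact_email'] ) : '';

	// sanitize_email() strips disallowed characters and returns '' (an empty
	// string) when one of its checks fails: too short, no '@', no usable
	// domain parts, and so on. The return value must be checked; an empty
	// string is not a usable address.
	$email = sanitize_email( $raw );

	if ( '' === $email ) {
		add_settings_error(
			'myplugin_options',
			'contact_email_invalid',
			'The contact e-mail address is not valid and was not saved.'
		);
		// Keep the previously saved value instead of storing a bad one.
		$clean['contact_email'] = isset( $existing['contact_email'] ) ? $existing['contact_email'] : '';
	} elseif ( $email !== $raw ) {
		// Sanitizing removed characters, so the stored value would differ from
		// what the user typed. Ask for the address again rather than silently
		// storing a rewritten one.
		add_settings_error(
			'myplugin_options',
			'contact_email_modified',
			'The contact e-mail address contained characters that are not allowed; please re-enter it.'
		);
		$clean['contact_email'] = isset( $existing['contact_email'] ) ? $existing['contact_email'] : '';
	} else {
		$clean['contact_email'] = $email;
	}

	// Other fields get the sanitizer that matches their context:
	// a single line of text, and a non-negative integer.
	$clean['display_name'] = sanitize_text_field(
		isset( $input['display_name'] ) ? (string) $input['display_name'] : ''
	);
	$clean['max_items'] = absint(
		isset( $input['max_items'] ) ? $input['max_items'] : 0
	);

	return $clean;
}

add_action( 'admin_init', function () {
	// Every write to the option passes through the sanitize callback,
	// including values submitted through the Settings API form.
	register_setting(
		'myplugin_settings_group',
		'myplugin_options',
		array( 'sanitize_callback' => 'myplugin_sanitize_options' )
	);
} );
```

The point of the two error branches is that sanitize_email() signals failure by its return value only; nothing is thrown. A callback that stores the result unconditionally would persist an empty string or a silently altered address, and any code that later e-mails that value would fail or reach the wrong recipient.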


WordPress Plugin Handbook: Sanitizing Input

WordPress Code Reference: sanitize_email()