W3cubDocs

/WordPress

sanitize_post_field( string $field, mixed $value, int $post_id, string $context = 'display' )

Sanitizes a post field based on context.

Description

Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.

Parameters

$field

(string) (Required) The Post Object field name.

$value

(mixed) (Required) The Post Object value.

$post_id

(int) (Required) Post ID.

$context

(string) (Optional) How to sanitize the field. Possible values are 'raw', 'edit', 'db', 'display', 'attribute' and 'js'.

Default value: 'display'

Return

(mixed) Sanitized value.

More Information

Uses apply_filters():

Calls 'edit_{$field}' and '{$field_no_prefix}_edit_pre' passing $value and $post_id if $context is 'edit' and field name prefix is 'post_'.
Calls 'edit_post_{$field}' passing $value and $post_id if $context is 'db'.
Calls 'pre_{$field}' passing $value if $context is 'db' and field name prefix is 'post_'.
Calls '{$field}_pre' passing $value if $context is 'db' and field name prefix is not 'post_'.
Calls '{$field}' passing $value, $post_id and $context if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is 'post_'.
Calls 'post_$field' passing $value if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is not 'post_'.

Source

File: wp-includes/post.php

function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) {
	$int_fields = array( 'ID', 'post_parent', 'menu_order' );
	if ( in_array( $field, $int_fields, true ) ) {
		$value = (int) $value;
	}

	// Fields which contain arrays of integers.
	$array_int_fields = array( 'ancestors' );
	if ( in_array( $field, $array_int_fields, true ) ) {
		$value = array_map( 'absint', $value );
		return $value;
	}

	if ( 'raw' === $context ) {
		return $value;
	}

	$prefixed = false;
	if ( false !== strpos( $field, 'post_' ) ) {
		$prefixed        = true;
		$field_no_prefix = str_replace( 'post_', '', $field );
	}

	if ( 'edit' === $context ) {
		$format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' );

		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field to edit.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value   Value of the post field.
			 * @param int   $post_id Post ID.
			 */
			$value = apply_filters( "edit_{$field}", $value, $post_id );

			/**
			 * Filters the value of a specific post field to edit.
			 *
			 * The dynamic portion of the hook name, `$field_no_prefix`, refers to
			 * the post field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value   Value of the post field.
			 * @param int   $post_id Post ID.
			 */
			$value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id );
		} else {
			$value = apply_filters( "edit_post_{$field}", $value, $post_id );
		}

		if ( in_array( $field, $format_to_edit, true ) ) {
			if ( 'post_content' === $field ) {
				$value = format_to_edit( $value, user_can_richedit() );
			} else {
				$value = format_to_edit( $value );
			}
		} else {
			$value = esc_attr( $value );
		}
	} elseif ( 'db' === $context ) {
		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field before saving.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "pre_{$field}", $value );

			/**
			 * Filters the value of a specific field before saving.
			 *
			 * The dynamic portion of the hook name, `$field_no_prefix`, refers
			 * to the post field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "{$field_no_prefix}_save_pre", $value );
		} else {
			$value = apply_filters( "pre_post_{$field}", $value );

			/**
			 * Filters the value of a specific post field before saving.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "{$field}_pre", $value );
		}
	} else {

		// Use display filters by default.
		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field for display.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed  $value   Value of the prefixed post field.
			 * @param int    $post_id Post ID.
			 * @param string $context Context for how to sanitize the field. Possible
			 *                        values include 'edit', 'display',
			 *                        'attribute' and 'js'.
			 */
			$value = apply_filters( "{$field}", $value, $post_id, $context );
		} else {
			$value = apply_filters( "post_{$field}", $value, $post_id, $context );
		}

		if ( 'attribute' === $context ) {
			$value = esc_attr( $value );
		} elseif ( 'js' === $context ) {
			$value = esc_js( $value );
		}
	}

	return $value;
}

Uses

Uses	Description
wp-includes/formatting.php: esc_attr()	Escaping for HTML attributes.
wp-includes/formatting.php: esc_js()	Escape single quotes, htmlspecialchar ” &, and fix line endings.
wp-includes/formatting.php: format_to_edit()	Acts on text which is about to be edited.
wp-includes/general-template.php: user_can_richedit()	Whether the user can access the visual editor.
wp-includes/plugin.php: apply_filters()	Calls the callback functions that have been added to a filter hook.
wp-includes/post.php: edit_{$field}	Filters the value of a specific post field to edit.
wp-includes/post.php: {$field_no_prefix}_edit_pre	Filters the value of a specific post field to edit.
wp-includes/post.php: pre_{$field}	Filters the value of a specific post field before saving.
wp-includes/post.php: {$field_no_prefix}_save_pre	Filters the value of a specific field before saving.
wp-includes/post.php: {$field}_pre	Filters the value of a specific post field before saving.
wp-includes/post.php: {$field}	Filters the value of a specific post field for display.

Used By

Used By	Description
wp-admin/includes/post.php: post_exists()	Determines if a post exists based on title, content, date and type.
wp-includes/class-wp-post.php: WP_Post::__get()	Getter.
wp-includes/post.php: sanitize_post()	Sanitize every post field.
wp-includes/post.php: set_post_type()	Update the post type for the post ID.
wp-includes/post.php: get_post_field()	Retrieve data from a post field based on Post ID.

Changelog

Version	Description
4.4.0	Like `sanitize_post()`, `$context` defaults to 'display'.
2.3.0	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_post_field