Encode with esc_attr()
, example from the Codex:
echo '<input type="text" name="fname" value="' . esc_attr( $_POST['fname'] ) . '">';
Question
I have some custom meta boxes on WordPress, storing some information such as page titles and descriptions, but I am having a bit of a problem which I can't wrap my head around.
The meta input boxes need to be able to accept " and ' (Speech marks and apostrophes), and WordPress is storing the data fine, and I can display it fine on the front end, but when it is echo'd back into the <input>
box, it messes up because its trying to print something like this:
E.g: <input value="Hello we're called "example" and we suck" />
So no matter how I go about it, it's being printed in the page edit screen (once I save) like this:
or something to a similar effect. Because I need the use of both characters, I can't use either of them to wrap the attributes in as an easy fix.
I'm just having a bit of a brainfart but really can't figure out the logic behind a solution to solve this, because if I escape the characters, they will just get shown to the end user as Hello we're called "example" and we suck
which will confuse them even more.
La solution
Encode with esc_attr()
, example from the Codex:
echo '<input type="text" name="fname" value="' . esc_attr( $_POST['fname'] ) . '">';