Insider Tips from WordPress Experts: Sanitizing the sanitize_text_field
WordPress experts share hacks and strategies for WordPress developers and DIYers
Tips and Tricks Straight from WordPress Experts
Welcome to the first in our series of insider tips from WordPress experts, where Pulley’s Support Managers share their experiences, hacks, and strategies for WordPress troubleshooting and optimization.
In our inaugural installment, Pulley Support Manager and WordPress expert Mahassin Poree-El shares what she learned about WordPress troubleshooting after a months-long saga of wrestling with issues stemming from the sanitize_text_field() function.
Q: What was the issue you were working to resolve?
One of our clients offers a health and wellness program which includes a form where users enter their weight and measurements. The form was either throwing errors or saying the data saved when it had not been saved to the database. The issue would pop up randomly every couple of months for about a year and no matter how hard I looked, I couldn’t find the source of the issue. Basically, it was annoying.
Eventually I discovered that the issue was stemming from the sanitize_text_field. It wasn’t cleaning up text properly, so some users’ entries weren’t being saved in our database.
Q: How did you find the solution?
After some trial and a lot of error, I figured out the existing sanitize_text_field() function didn’t work for our text input if the text had an apostrophe in it. We added the esc_sql() function to our code [ sanitize_text_field( esc_sql( $a_variable ) ) ] and now info is saved in the database without being tripped up by single quotes.
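The pattern behind that symptom, as an added illustration that is not code from the interview: sanitize_text_field() cleans input (tags, line breaks, extra whitespace, invalid UTF-8) but never quotes it for SQL, so if the value is concatenated into an INSERT by hand, an apostrophe ends the string literal early and the row is never written. The example assumes that was the case; the table and column names are hypothetical, and the hardened versions use the WordPress-native fix of binding the value through $wpdb->prepare() or $wpdb->insert() rather than escaping by hand.

```php
<?php
// Added example, not code from the interview. Assumes the measurement value was
// being concatenated into the INSERT by hand, which is what an unescaped
// apostrophe breaking the save points to. Table and column names are hypothetical.

// BEFORE: sanitize_text_field() strips tags, line breaks, extra whitespace and
// invalid UTF-8, but it does not escape quotes for SQL. A value such as 5'11
// ends the string literal early, the query fails, and $wpdb->query() returns
// false; if the caller never checks that, the user is told the data was saved.
function save_measurement_unsafe( $user_id, $raw ) {
    global $wpdb;
    $value = sanitize_text_field( $raw );
    $table = $wpdb->prefix . 'wellness_measurements'; // hypothetical table
    $sql   = "INSERT INTO {$table} (user_id, measurement) VALUES ("
           . (int) $user_id . ", '{$value}')";         // quoting done by hand
    return $wpdb->query( $sql );
}

// AFTER: keep sanitize_text_field() for cleaning the input, and let $wpdb do
// the quoting. %s is escaped and wrapped in quotes by prepare(), so an
// apostrophe is stored as data and no user string can alter the statement.
function save_measurement_safe( $user_id, $raw ) {
    global $wpdb;
    $value = sanitize_text_field( $raw );
    $table = $wpdb->prefix . 'wellness_measurements'; // hypothetical table
    $rows  = $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$table} (user_id, measurement) VALUES (%d, %s)",
            $user_id,
            $value
        )
    );
    if ( false === $rows ) {
        // Surface the failure instead of reporting a successful save.
        error_log( 'measurement insert failed: ' . $wpdb->last_error );
        return false;
    }
    return true;
}

// Same thing with the higher-level helper, which quotes every value itself.
function save_measurement_insert( $user_id, $raw ) {
    global $wpdb;
    $ok = $wpdb->insert(
        $wpdb->prefix . 'wellness_measurements',
        array( 'user_id' => (int) $user_id, 'measurement' => sanitize_text_field( $raw ) ),
        array( '%d', '%s' )
    );
    return false !== $ok;
}
```

Wrapping the value in esc_sql() before concatenating it also stops the apostrophe from breaking the query, but binding the value through $wpdb keeps the quoting in one place and applies it to every value, not just the ones someone remembered to escape.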
Q: Who else should be on the lookout for this type of issue?
This kind of thing can affect anyone using a SQL database because of the way SQL treats apostrophes.
Q: What did you learn from the experience?
Patience. This took more trial, error, and research than most cases I work on, so I had to be patient with myself and with the troubleshooting process.
Q: What advice would you offer others dealing with this issue in the future?
Don’t be afraid of redundancy or be afraid to just try a function if you have an idea. As developers we are often focused on avoiding redundancy because extra code can slow things down. But it turns out it’s OK, and sometimes necessary, to sanitize something twice.
Have more questions about resolving issues with your site or general WordPress website maintenance? We’re here to help. You can review our services here and reach out to us here. To stay updated on this series and get alerts when we post new articles, follow us on Twitter, LinkedIn, or Facebook.