Custom Style / CSS > save data to database

  • Resolved Guido

    (@guido07111975)


    9 years, 9 months ago

    Hi,

    I am developing my own custom CSS function which I will use in my contactform, so users can change layout of form by adding custom css in a textarea field.

    To add save data in database I use: sanitize_text_field
    To display save data in textarea field in backend I use: esc_textarea

    My question, the sanitize_text_field removes all line breaks (does not look nice in textarea field backend), can I use an alternative for entering save data in database?

    This I use now:

    register_setting( 'my_options_group', 'my_option_name', 'sanitize_text_field' );

    Guido

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    There are alternatives, but they would be less secure. You could hook the ‘sanitize_text_field’ filter, which passes the original and filtered text. You could do a diff on the two, replacing any line feeds found, but nothing else.

    Or you could create your own version of sanitize_text_field() based on the core’s source code (wp-includes/formatting.php), except your version does not strip line breaks. I see two places this could happen. Change the second parm in wp_strip_all_tags( $filtered, true ) (line 3798) to false, and remove the \r\n from preg_replace('/[\r\n\t ]+/', ' ', $filtered) (line 3800)

    Thread Starter Guido

    (@guido07111975)

    Hi,

    That’s a great idea, using this default function (but remove line breaks) is the best available database protection I guess.

    Will use this. Thanks.

    And to limit amount of content I use a simple maxlength=’1000′ on my textarea field.

    Guido

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Custom Style / CSS > save data to database’ is closed to new replies.