It is important to understand that denote in WordPress API the concepts of validation, cleansing and input controls. Let us examine them in detail in our guide for setting up WordPress website.
wordpress api

The concept of validation and cleansing

So what exactly is the meaning of these concepts:

Validation is the process of automatic validation of incoming data from fields of input items entered by users. The information is checked to determine whether it is suitable to write to an existing database or not.
Cleaning is an automatic process checks the incoming data against the specified database format, and security.

The main objective of the validation and cleansing

The main task of these mechanisms, properly consider and record the incoming data. It is important that the validation was made to write received data to the database and cleanup occurred between reading information and output it to the browser.

The main objective of cleaning, the filtering is unnecessary and unsafe information. In the database needs to be recorded only appropriate and necessary data.

These complex mechanisms are needed to ensure control of entry into the database made by a different user or just third-party clients of the company. These automated processes help you to work with data streams and to ensure proper and smooth operation of the sites. These mechanisms must be created and debugged in advance.

The input

The input is a generic functions that have a visual display on the site, using them and going on the main input data. There are 5 basic elements of input used in the settings:

single-line input fields (inputs),
multiline fields (textareas),
checkboxes (checkboxes),
radio buttons (radio buttons),
drop-down lists (select boxes).

For example, input fields are perfect when you need to obtain from the user a short text, for example: name, phone, URL, email.

Practical implementation of the validation and cleansing

Third-party users of the site can enter data on the website and the database, via the input controls. But instead of his name or address, you can enter almost anything, for example, JavaScript code or malicious SQL code. Malicious code can damage your website or steal information from a database. For this purpose, and uses complex mechanisms validation and cleaning.

Validation usually involves 3 steps:

The creation of the storage array;
Validation of all incoming data and, if necessary, cleaned up;
Return the generated array.

To implement our task it is convenient to use standard PHP functions:

strip_tags which removes all HTML tags, PHP;
stripslashes, which processes the text strings in quotes.

Return the processed array data can be done using the $output or apply_filters, safer and better to use the second option.

Is more suitable for us standard feature of WordPress sanitize_text_field which is specifically designed to clean text data entered by the user via the input controls.

We reviewed the most convenient functions and filters made by data users, I hope that given our information will be useful when you customize your website.