[wp-hackers] Escaping post meta values

Otto otto at ottodestruct.com
Wed May 22 16:53:32 UTC 2013

On Wed, May 22, 2013 at 11:29 AM, Dan Phiffer <dan at phiffer.org> wrote:
> "What? JSON you say? Who would ever think to use *that* for encoding metadata?"
> I would argue this is insane behavior to create a workaround for, but in the meantime I think the docs should clearly explain what the deal is. As soon as I re-encode the hundreds of post metadata entries I've stored from Flickr/Instagram/Twitter I'll see about helping the next person avoid my fate.

I agree that it's not ideal (and indeed, stupid in a way), but I
wouldn't go so far as to call it insane.

The question is one of whether it makes sense to be storing
pre-encoded data or not. I agree that ideally, no matter what you pass
it, then you'd get exactly that same thing back. Due to one thing and
another, this turns out to be somewhat problematic.

But in the sense of "if it's going to have limitations", then the
current limitations are sensible and somewhat consistent ones. If you
pass it an array('whatever') in the raw PHP form, it will happily
store it and deal with it. But if you pre-encode it using some method,
then it's going to encode it again for storage, and then the
double-encoding there makes less sense.

JSON is an encoded form of data, same as PHP serialized data. Encoding
it again for storage and then decoding it twice when you pull it out
to use that data is somewhat silly. Better to decode the JSON into a
PHP variable and then tell it to store that, and thus the code only
needs to decode it once on pulling it out (which the get_meta does for
you). Then you have a raw PHP variable, and you can then only encode
to JSON again if that is actually needed. Usually, this is not needed
(you want the data, not necessarily a JSON form of it), and decoding
it only once (when you get the data from the external service) makes
more sense.

The thing is that it works fine as long as you're always storing the
basic form of the data that you're working with. Any encoded form of
that data, whether it be serialized or JSON or foo-encoded, might
cause an issue. Since you generally have to decode whatever it is to
manipulate it anyway, adding multiple layers of encode/decode is


More information about the wp-hackers mailing list