[wp-hackers] Escaping post meta values

Andrew Nacin wp at andrewnacin.com
Wed May 22 15:58:22 UTC 2013


On May 22, 2013 11:55 AM, "Otto" <otto at ottodestruct.com> wrote:
>
> On Wed, May 22, 2013 at 10:46 AM, Dan Phiffer <dan at phiffer.org> wrote:
> > Hi wp-hackers,
> >
> > What's the deal with post meta value escaping? I didn't see any mention
of it in the documentation, but it seems important if you're ever going to
store JSON data in the postmeta table (i.e., {"key":"value with \"quotes\"
in the content."})
>
> The meta functions expect unescaped data to be sent to them.

Just to add to this, this is stupid. See
http://core.trac.wordpress.org/ticket/21767.

> Basically, meaning that you shouldn't be storing JSON data directly,
> but instead storing the PHP form of the data. So, json_decode it
> before saving it as meta, then json_encode it if you need to send it
> back to a browser or elsewhere.

I'd agree this is a pretty good workaround. PHP can serialize what is
effectively superset of JSON.


More information about the wp-hackers mailing list