[wp-hackers] Escaping post meta values

Drew xoodrew at gmail.com
Wed May 22 16:42:37 UTC 2013


Dan,

A simple way for you to help others "avoid [your] fate" would be to take a
few minutes and improve the docs yourself.

The Codex is a community effort and anyone with a WP.org username can edit
it.


On Wed, May 22, 2013 at 10:29 AM, Dan Phiffer <dan at phiffer.org> wrote:

>
> On May 22, 2013, at 11:58 AM, Andrew Nacin <wp at andrewnacin.com> wrote:
>
> > On May 22, 2013 11:55 AM, "Otto" <otto at ottodestruct.com> wrote:
> >>
> >> On Wed, May 22, 2013 at 10:46 AM, Dan Phiffer <dan at phiffer.org> wrote:
> >>> Hi wp-hackers,
> >>>
> >>> What's the deal with post meta value escaping? I didn't see any mention
> > of it in the documentation, but it seems important if you're ever going
> to
> > store JSON data in the postmeta table (i.e., {"key":"value with
> \"quotes\"
> > in the content."})
> >>
> >> The meta functions expect unescaped data to be sent to them.
> >
> > Just to add to this, this is stupid. See
> > http://core.trac.wordpress.org/ticket/21767.
> >
> >> Basically, meaning that you shouldn't be storing JSON data directly,
> >> but instead storing the PHP form of the data. So, json_decode it
> >> before saving it as meta, then json_encode it if you need to send it
> >> back to a browser or elsewhere.
> >
> > I'd agree this is a pretty good workaround. PHP can serialize what is
> > effectively superset of JSON.
>
> "What? JSON you say? Who would ever think to use *that* for encoding
> metadata?"
>
> I would argue this is insane behavior to create a workaround for, but in
> the meantime I think the docs should clearly explain what the deal is. As
> soon as I re-encode the hundreds of post metadata entries I've stored from
> Flickr/Instagram/Twitter I'll see about helping the next person avoid my
> fate.
>
> Thanks list!
> Dan
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
-- I've kinda got a thing for WordPress > http://www.drewapicture.com


More information about the wp-hackers mailing list