need to allow html and double quotes when saving meta data (2 posts)

  1. iansane
    Posted 4 years ago #


    When saving meta data with a custom metabox add_post_meta() is stripping out double quotes and the closing '/' for the closing tag.

    I need to be able to save this:
    <meta name="fb:whatever" content="somecontent"/>

    How do I protect the string so add_post_meta() won't strip it?
    I tried addslashes() but that ends up causing an error somewhere and stoping it from writing anything to the database at all.

    here is my save code excluding the admin check part.

    $current_data = esc_textarea(get_post_meta($post_id, '_my_meta_facebook', TRUE)); 
        $new_data = $_POST['_my_meta_facebook'];
        //$new_data = addslashes($new_data);
        if ($current_data)
            if (is_null($new_data)) delete_post_meta($post_id,'_my_meta_facebook');
            else update_post_meta($post_id,'_my_meta_facebook',addslashes($new_data));
        elseif (!is_null($new_data))
            add_post_meta($post_id,'_my_meta_facebook', addslashes($new_data), TRUE);
        return $post_id;


  2. Ryann Micua
    Posted 4 years ago #

    instead of addslashes() try esc_html() or esc_textarea() - not sure which is the best but both should encode the special symbols.

    That'll take care of the saving part so wp doesn't strip out your code.

    But, I'm guessing you also want to print that data back as is without encoding. Try echoing that tag you saved and it should look weird.. (can't put example here since it gets converted)

    So, you need to "convert" it back to original form. and html_entity_decode() does that for you http://php.net/manual/en/function.html-entity-decode.php

    Hope that helps.

Topic Closed

This topic has been closed to new replies.

About this Topic