[wp-hackers] Escaping post meta values

Dan Phiffer dan at phiffer.org
Wed May 22 17:06:16 UTC 2013 

On May 22, 2013, at 12:42 PM, Drew <xoodrew at gmail.com> wrote:

> A simple way for you to help others "avoid [your] fate" would be to take a
> few minutes and improve the docs yourself.
> 
> The Codex is a community effort and anyone with a WP.org username can edit
> it.

Absolutely, that's what I was talking about. I'll write it up. But first I need to fix my site.

And to be clear, the thing that's frustrating about all of this is that I'd moved on from a bit of code that seemingly worked, only to discover certain "unexpected" content was not being handled properly. If certain things can't be stored, it's important that developers know to avoid storing them.

Dan


> 
> 
> On Wed, May 22, 2013 at 10:29 AM, Dan Phiffer <dan at phiffer.org> wrote:
> 
>> 
>> On May 22, 2013, at 11:58 AM, Andrew Nacin <wp at andrewnacin.com> wrote:
>> 
>>> On May 22, 2013 11:55 AM, "Otto" <otto at ottodestruct.com> wrote:
>>>> 
>>>> On Wed, May 22, 2013 at 10:46 AM, Dan Phiffer <dan at phiffer.org> wrote:
>>>>> Hi wp-hackers,
>>>>> 
>>>>> What's the deal with post meta value escaping? I didn't see any mention
>>> of it in the documentation, but it seems important if you're ever going
>> to
>>> store JSON data in the postmeta table (i.e., {"key":"value with
>> \"quotes\"
>>> in the content."})
>>>> 
>>>> The meta functions expect unescaped data to be sent to them.
>>> 
>>> Just to add to this, this is stupid. See
>>> http://core.trac.wordpress.org/ticket/21767.
>>> 
>>>> Basically, meaning that you shouldn't be storing JSON data directly,
>>>> but instead storing the PHP form of the data. So, json_decode it
>>>> before saving it as meta, then json_encode it if you need to send it
>>>> back to a browser or elsewhere.
>>> 
>>> I'd agree this is a pretty good workaround. PHP can serialize what is
>>> effectively superset of JSON.
>> 
>> "What? JSON you say? Who would ever think to use *that* for encoding
>> metadata?"
>> 
>> I would argue this is insane behavior to create a workaround for, but in
>> the meantime I think the docs should clearly explain what the deal is. As
>> soon as I re-encode the hundreds of post metadata entries I've stored from
>> Flickr/Instagram/Twitter I'll see about helping the next person avoid my
>> fate.
>> 
>> Thanks list!
>> Dan
>> 
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> 
> 
> 
> 
> -- 
> -- I've kinda got a thing for WordPress > http://www.drewapicture.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list