This page redirects to an external site: https://developer.wordpress.org/reference/functions/esc_attr/

Languages: English • 日本語 Português do Brasil • 中文(简体) • (Add your language)

Description

Encodes the <, >, &, " and ' (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.

Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc. To escape the value of a translation use esc_attr__() instead; to escape, translate and echo, use esc_attr_e().

Usage

 <?php $fname = esc_attr( $text ); ?>

Parameters

$text

(string) (required) The text which is to be encoded.

Default: None

Return Values

(string) 

The encoded text with HTML entities.

Examples

<?php $fname = ( isset( $_POST['fname'] ) ) ? $_POST['fname'] : ''; ?>
<input type="text" name="fname" value="<?php echo esc_attr( $fname ); ?>">

Change Log

Since: 2.8.0

Source File

esc_attr() is located in wp-includes/formatting.php.

Related

See: Data Validation article for an in-depth discussion of input and output sanitization.

• esc_html()
  • esc_html__()
  • esc_html_e()
• esc_attr()
  • esc_attr__()
  • esc_attr_e()
• esc_js()
• esc_sql()
• esc_textarea()
• esc_url()
  • esc_url_raw()