WordPress.org

Ready to get started?Download WordPress

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Function Reference/esc attr

Contents

Description

Encodes the <, >, &, " and ' (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.

Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc. To escape the value of a translation use esc_attr__() instead; to escape, translate and echo, use esc_attr_e().

Usage

 <?php $fname esc_attr$text ); ?>

Parameters

$text
(string) (required) The text which is to be encoded.
Default: None

Return Values

(string) 
The encoded text with HTML entities.

Examples

<?php $fname = ( isset( $_POST['fname'] ) ) ? $_POST['fname'] : ''; ?>
<input type="text" name="fname" value="<?php echo esc_attr( $fname ); ?>">

Change Log

Since: 2.8.0

Source File

esc_attr() is located in wp-includes/formatting.php.

Related

See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.