Title: sanitize_text_field
Published: April 25, 2014
Last modified: February 24, 2026

---

# sanitize_text_field( string $str ): string

## In this article

 * [Description](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#description)
    - [See also](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#see-also)
 * [Parameters](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#return)
 * [More Information](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#more-information)
 * [Source](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#changelog)
 * [User Contributed Notes](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#user-contributed-notes)

[ Back to top](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#wp--skip-link--target)

Sanitizes a string from user input or from the database.

## 󠀁[Description](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#description)󠁿

 * Checks for invalid UTF-8,
 * Converts single `<` characters to entities
 * Strips all tags
 * Removes line breaks, tabs, and extra whitespace
 * Strips percent-encoded characters

### 󠀁[See also](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#see-also)󠁿

 * [sanitize_textarea_field()](https://developer.wordpress.org/reference/functions/sanitize_textarea_field/)
 * [wp_check_invalid_utf8()](https://developer.wordpress.org/reference/functions/wp_check_invalid_utf8/)
 * [wp_strip_all_tags()](https://developer.wordpress.org/reference/functions/wp_strip_all_tags/)

## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#parameters)󠁿

 `$str`stringrequired

String to sanitize.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#return)󠁿

 string Sanitized string.

## 󠀁[More Information](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#more-information)󠁿

**Basic Usage**

    ```php
    <?php sanitize_text_field( $str ) ?>
    ```

## 󠀁[Source](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#source)󠁿

    ```php
    function sanitize_text_field( $str ) {
    	$filtered = _sanitize_text_fields( $str, false );

    	/**
    	 * Filters a sanitized text field string.
    	 *
    	 * @since 2.9.0
    	 *
    	 * @param string $filtered The sanitized string.
    	 * @param string $str      The string prior to being sanitized.
    	 */
    	return apply_filters( 'sanitize_text_field', $filtered, $str );
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/formatting.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/formatting.php#L5590)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/formatting.php#L5590-L5602)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#hooks)󠁿

 [apply_filters( ‘sanitize_text_field’, string $filtered, string $str )](https://developer.wordpress.org/reference/hooks/sanitize_text_field/)

Filters a sanitized text field string.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#related)󠁿

| Uses | Description | 
| [_sanitize_text_fields()](https://developer.wordpress.org/reference/functions/_sanitize_text_fields/)`wp-includes/formatting.php` |

Internal helper function to sanitize a string from user input or from the database.

  | 
| [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to a filter hook.

  |

| Used by | Description | 
| [WP_Debug_Data::get_wp_themes_inactive()](https://developer.wordpress.org/reference/classes/wp_debug_data/get_wp_themes_inactive/)`wp-admin/includes/class-wp-debug-data.php` |

Gets the WordPress inactive themes section of the debug data.

  | 
| [WP_Debug_Data::get_wp_dropins()](https://developer.wordpress.org/reference/classes/wp_debug_data/get_wp_dropins/)`wp-admin/includes/class-wp-debug-data.php` |

Gets the WordPress drop-in section of the debug data.

  | 
| [WP_Debug_Data::get_wp_mu_plugins()](https://developer.wordpress.org/reference/classes/wp_debug_data/get_wp_mu_plugins/)`wp-admin/includes/class-wp-debug-data.php` |

Gets the WordPress MU plugins section of the debug data.

  | 
| [WP_Debug_Data::get_wp_plugins_raw_data()](https://developer.wordpress.org/reference/classes/wp_debug_data/get_wp_plugins_raw_data/)`wp-admin/includes/class-wp-debug-data.php` |

Gets the raw plugin data for the WordPress active and inactive sections of the debug data.

  | 
| [WP_Font_Utils::sanitize_font_family()](https://developer.wordpress.org/reference/classes/wp_font_utils/sanitize_font_family/)`wp-includes/fonts/class-wp-font-utils.php` |

Sanitizes and formats font family names.

  | 
| [WP_Font_Utils::get_font_face_slug()](https://developer.wordpress.org/reference/classes/wp_font_utils/get_font_face_slug/)`wp-includes/fonts/class-wp-font-utils.php` |

Generates a slug from font face properties, e.g. `open sans;normal;400;100%;U+0-10FFFF`

  | 
| [WP_Font_Collection::get_sanitization_schema()](https://developer.wordpress.org/reference/classes/wp_font_collection/get_sanitization_schema/)`wp-includes/fonts/class-wp-font-collection.php` |

Retrieves the font collection sanitization schema.

  | 
| [WP_REST_Templates_Controller::get_wp_templates_author_text_field()](https://developer.wordpress.org/reference/classes/wp_rest_templates_controller/get_wp_templates_author_text_field/)`wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php` |

Returns a human readable text for the author of the template.

  | 
| [wp_get_theme_preview_path()](https://developer.wordpress.org/reference/functions/wp_get_theme_preview_path/)`wp-includes/theme-previews.php` |

Filters the blog option to return the path for the previewed theme.

  | 
| [wp_attach_theme_preview_middleware()](https://developer.wordpress.org/reference/functions/wp_attach_theme_preview_middleware/)`wp-includes/theme-previews.php` |

Adds a middleware to `apiFetch` to set the theme for the preview.

  | 
| [WP_REST_Pattern_Directory_Controller::prepare_item_for_response()](https://developer.wordpress.org/reference/classes/wp_rest_pattern_directory_controller/prepare_item_for_response/)`wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php` |

Prepare a raw block pattern before it gets output in a REST API response.

  | 
| [WP_REST_Site_Health_Controller::get_directory_sizes()](https://developer.wordpress.org/reference/classes/wp_rest_site_health_controller/get_directory_sizes/)`wp-includes/rest-api/endpoints/class-wp-rest-site-health-controller.php` |

Gets the current directory sizes for this install.

  | 
| [WP_Application_Passwords::create_new_application_password()](https://developer.wordpress.org/reference/classes/wp_application_passwords/create_new_application_password/)`wp-includes/class-wp-application-passwords.php` |

Creates a new application password.

  | 
| [WP_Application_Passwords::update_application_password()](https://developer.wordpress.org/reference/classes/wp_application_passwords/update_application_password/)`wp-includes/class-wp-application-passwords.php` |

Updates an application password.

  | 
| [WP_REST_Plugins_Controller::sanitize_plugin_param()](https://developer.wordpress.org/reference/classes/wp_rest_plugins_controller/sanitize_plugin_param/)`wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php` |

Sanitizes the “plugin” parameter to be a proper plugin file with “.php” appended.

  | 
| [WP_REST_Attachments_Controller::edit_media_item()](https://developer.wordpress.org/reference/classes/wp_rest_attachments_controller/edit_media_item/)`wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php` |

Applies edits to a media item and creates a new attachment record.

  | 
| [WP_Sitemaps::render_sitemaps()](https://developer.wordpress.org/reference/classes/wp_sitemaps/render_sitemaps/)`wp-includes/sitemaps/class-wp-sitemaps.php` |

Renders sitemap templates based on rewrite rules.

  | 
| [wp_ajax_toggle_auto_updates()](https://developer.wordpress.org/reference/functions/wp_ajax_toggle_auto_updates/)`wp-admin/includes/ajax-actions.php` |

Handles enabling or disable plugin and theme auto-updates via AJAX.

  | 
| [wp_ajax_health_check_get_sizes()](https://developer.wordpress.org/reference/functions/wp_ajax_health_check_get_sizes/)`wp-admin/includes/ajax-actions.php` |

Handles site health check to get directories and database sizes via AJAX.

  | 
| [WP_Privacy_Requests_Table::get_views()](https://developer.wordpress.org/reference/classes/wp_privacy_requests_table/get_views/)`wp-admin/includes/class-wp-privacy-requests-table.php` |

Gets an associative array ( id => link ) with the list of views available on this table.

  | 
| [WP_Privacy_Requests_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_privacy_requests_table/prepare_items/)`wp-admin/includes/class-wp-privacy-requests-table.php` |

Prepares items to output.

  | 
| [_wp_personal_data_handle_actions()](https://developer.wordpress.org/reference/functions/_wp_personal_data_handle_actions/)`wp-admin/includes/privacy-tools.php` |

Handle list table actions.

  | 
| [WP_Customize_Manager::handle_load_themes_request()](https://developer.wordpress.org/reference/classes/wp_customize_manager/handle_load_themes_request/)`wp-includes/class-wp-customize-manager.php` |

Loads themes into the theme browsing/installation UI.

  | 
| [WP_Widget_Custom_HTML::update()](https://developer.wordpress.org/reference/classes/wp_widget_custom_html/update/)`wp-includes/widgets/class-wp-widget-custom-html.php` |

Handles updating settings for the current Custom HTML widget instance.

  | 
| [rest_sanitize_value_from_schema()](https://developer.wordpress.org/reference/functions/rest_sanitize_value_from_schema/)`wp-includes/rest-api.php` |

Sanitize a value based on a schema.

  | 
| [WP_REST_Attachments_Controller::create_item()](https://developer.wordpress.org/reference/classes/wp_rest_attachments_controller/create_item/)`wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php` |

Creates a single attachment.

  | 
| [wp_ajax_delete_plugin()](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/)`wp-admin/includes/ajax-actions.php` |

Handles deleting a plugin via AJAX.

  | 
| [WP_Customize_Nav_Menu_Setting::sanitize()](https://developer.wordpress.org/reference/classes/wp_customize_nav_menu_setting/sanitize/)`wp-includes/customize/class-wp-customize-nav-menu-setting.php` |

Sanitize an input.

  | 
| [WP_Customize_Nav_Menus::ajax_search_available_items()](https://developer.wordpress.org/reference/classes/wp_customize_nav_menus/ajax_search_available_items/)`wp-includes/class-wp-customize-nav-menus.php` |

Ajax handler for searching available menu items.

  | 
| [wp_ajax_update_plugin()](https://developer.wordpress.org/reference/functions/wp_ajax_update_plugin/)`wp-admin/includes/ajax-actions.php` |

Handles updating a plugin via AJAX.

  | 
| [validate_another_blog_signup()](https://developer.wordpress.org/reference/functions/validate_another_blog_signup/)`wp-signup.php` |

Validates a new site sign-up for an existing user.

  | 
| [validate_blog_signup()](https://developer.wordpress.org/reference/functions/validate_blog_signup/)`wp-signup.php` |

Validates new site signup.

  | 
| [WP_Plugins_List_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_plugins_list_table/prepare_items/)`wp-admin/includes/class-wp-plugins-list-table.php` |  | 
| [WP_Links_List_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_links_list_table/prepare_items/)`wp-admin/includes/class-wp-links-list-table.php` |  | 
| [WP_MS_Themes_List_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_ms_themes_list_table/prepare_items/)`wp-admin/includes/class-wp-ms-themes-list-table.php` |  | 
| [WP_Theme_Install_List_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_theme_install_list_table/prepare_items/)`wp-admin/includes/class-wp-theme-install-list-table.php` |  | 
| [edit_user()](https://developer.wordpress.org/reference/functions/edit_user/)`wp-admin/includes/user.php` |

Edit user settings based on contents of $_POST

  | 
| [WP_Plugin_Install_List_Table::prepare_items()](https://developer.wordpress.org/reference/classes/wp_plugin_install_list_table/prepare_items/)`wp-admin/includes/class-wp-plugin-install-list-table.php` |  | 
| [media_handle_upload()](https://developer.wordpress.org/reference/functions/media_handle_upload/)`wp-admin/includes/media.php` |

Saves a file submitted from a POST request and create an attachment post for it.

  | 
| [edit_post()](https://developer.wordpress.org/reference/functions/edit_post/)`wp-admin/includes/post.php` |

Updates an existing post with values provided in `$_POST`.

  | 
| [wp_ajax_save_attachment()](https://developer.wordpress.org/reference/functions/wp_ajax_save_attachment/)`wp-admin/includes/ajax-actions.php` |

Handles updating attachment attributes via AJAX.

  | 
| [WP_Customize_Manager::save()](https://developer.wordpress.org/reference/classes/wp_customize_manager/save/)`wp-includes/class-wp-customize-manager.php` |

Handles customize_save WP Ajax request to save/update a changeset.

  | 
| [WP_Nav_Menu_Widget::update()](https://developer.wordpress.org/reference/classes/wp_nav_menu_widget/update/)`wp-includes/widgets/class-wp-nav-menu-widget.php` |

Handles updating settings for the current Navigation Menu widget instance.

  | 
| [WP_Widget_Tag_Cloud::update()](https://developer.wordpress.org/reference/classes/wp_widget_tag_cloud/update/)`wp-includes/widgets/class-wp-widget-tag-cloud.php` |

Handles updating settings for the current Tag Cloud widget instance.

  | 
| [WP_Widget_Recent_Comments::update()](https://developer.wordpress.org/reference/classes/wp_widget_recent_comments/update/)`wp-includes/widgets/class-wp-widget-recent-comments.php` |

Handles updating settings for the current Recent Comments widget instance.

  | 
| [WP_Widget_Recent_Posts::update()](https://developer.wordpress.org/reference/classes/wp_widget_recent_posts/update/)`wp-includes/widgets/class-wp-widget-recent-posts.php` |

Handles updating the settings for the current Recent Posts widget instance.

  | 
| [WP_Widget_Categories::update()](https://developer.wordpress.org/reference/classes/wp_widget_categories/update/)`wp-includes/widgets/class-wp-widget-categories.php` |

Handles updating settings for the current Categories widget instance.

  | 
| [WP_Widget_Calendar::update()](https://developer.wordpress.org/reference/classes/wp_widget_calendar/update/)`wp-includes/widgets/class-wp-widget-calendar.php` |

Handles updating settings for the current Calendar widget instance.

  | 
| [WP_Widget_Text::update()](https://developer.wordpress.org/reference/classes/wp_widget_text/update/)`wp-includes/widgets/class-wp-widget-text.php` |

Handles updating settings for the current Text widget instance.

  | 
| [WP_Widget_Archives::update()](https://developer.wordpress.org/reference/classes/wp_widget_archives/update/)`wp-includes/widgets/class-wp-widget-archives.php` |

Handles updating settings for the current Archives widget instance.

  | 
| [WP_Widget_Meta::update()](https://developer.wordpress.org/reference/classes/wp_widget_meta/update/)`wp-includes/widgets/class-wp-widget-meta.php` |

Handles updating settings for the current Meta widget instance.

  | 
| [WP_Widget_Search::update()](https://developer.wordpress.org/reference/classes/wp_widget_search/update/)`wp-includes/widgets/class-wp-widget-search.php` |

Handles updating settings for the current Search widget instance.

  | 
| [WP_Widget_Pages::update()](https://developer.wordpress.org/reference/classes/wp_widget_pages/update/)`wp-includes/widgets/class-wp-widget-pages.php` |

Handles updating settings for the current Pages widget instance.

  | 
| [register_new_user()](https://developer.wordpress.org/reference/functions/register_new_user/)`wp-includes/user.php` |

Handles registering a new user.

  | 
| [wp_page_menu()](https://developer.wordpress.org/reference/functions/wp_page_menu/)`wp-includes/post-template.php` |

Displays or retrieves a list of pages with an optional home link.

  |

[Show 50 more](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#)

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#changelog)󠁿

| Version | Description | 
| [2.9.0](https://developer.wordpress.org/reference/since/2.9.0/) | Introduced. |

## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#user-contributed-notes)󠁿

 1.   [Skip to note 6 content](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#comment-content-5204)
 2.    [mcmwebsol](https://profiles.wordpress.org/mcmwebsol/)  [  5 years ago  ](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-5204)
 3.  [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-5204)
     Vote results for this note: 6[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-5204)
 4.  This function is not for protecting against SQL injection, so please don’t use
     it in your database queries. In most cases using [https://developer.wordpress.org/reference/classes/wpdb/prepare/](https://developer.wordpress.org/reference/classes/wpdb/prepare/)
     with placeholders is best for database queries.
 5.   [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%3Freplytocom%3D5204%23feedback-editor-5204)
 6.   [Skip to note 7 content](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#comment-content-5504)
 7.    [bhvreddy](https://profiles.wordpress.org/bhvreddy/)  [  4 years ago  ](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-5504)
 8.  [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-5504)
     Vote results for this note: 5[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-5504)
 9.  Sanitize an array
 10.     ```php
         map_deep( $form_data, 'sanitize_text_field' );
         ```
     
 11.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%3Freplytocom%3D5504%23feedback-editor-5504)
 12.  [Skip to note 8 content](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#comment-content-4353)
 13.   [凱寧](https://profiles.wordpress.org/kennyateam990/)  [  6 years ago  ](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-4353)
 14. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-4353)
     Vote results for this note: 3[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-4353)
 15. Check whether the string is a valid UTF-8 character, and remove all HTML tags.
 16.     ```php
         $str = "<h2>Title</h2>";
         sanitize_text_field( $str ); // it will return "title" without any HTML tags!
         ```
     
 17.  * This will not convert text string to lower case as stated in your comment ”
        it will return ‘title’ without any HTML tags!” make it “it will return ‘Title’
        without any HTML tags!’
      * [bharatthapa](https://profiles.wordpress.org/bharatthapa/) [5 years ago](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-5297)
 18.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%3Freplytocom%3D4353%23feedback-editor-4353)
 19.  [Skip to note 9 content](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#comment-content-4419)
 20.   [Douglas “BearlyDoug” Hazard](https://profiles.wordpress.org/bearlydoug/)  [  5 years ago  ](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-4419)
 21. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-4419)
     Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-4419)
 22. I ran across an issue with one of my plugins, as it was going through the initial
     security review, where I had an array that wasn’t passing a security check. The
     [sanitize_text_field()](https://developer.wordpress.org/reference/functions/sanitize_text_field/)
     function only works on a string, not an array’d item.
 23. I located this nice little tidbit of code to sanitize an array, properly.
 24.     ```php
         /***
          * To ensure arrays are properly sanitized to WordPress Codex standards,
          * they encourage usage of sanitize_text_field(). That only works with a single
          * variable (string). This function allows for a full blown array to get sanitized
          * properly, while sanitizing each individual value in a key -> value pair.
          *
          * Source: https://wordpress.stackexchange.com/questions/24736/wordpress-sanitize-array
          * Author: Broshi, answered Feb 5 '17 at 9:14
          */
         function wporg_recursive_sanitize_text_field( $array ) {
         	foreach ( $array as $key => &$value ) {
         		if ( is_array( $value ) ) {
         			$value = wporg_recursive_sanitize_text_field( $value );
         		} else {
         			$value = sanitize_text_field( $value );
         		}
         	}
         	return $array;
         }
         ```
     
 25. IMHO, this needs to become a core feature of WordPress’ sanitation functions. 
     Lior Broshi is the gentleman that came up with this creative solution (I have 
     obtained his permission to share this).
 26.  * Sanitize an array
      *     ```php
            map_deep( $form_data, 'sanitize_text_field' );
            ```
        
      * [bhvreddy](https://profiles.wordpress.org/bhvreddy/) [4 years ago](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-5503)
      * We handle this by using the array_map, it gets a bit tricky if the array contains
        various field types (text fields, emails etc) but it can be done using: `$sanitized_array
        = array_map( 'sanitize_text_field', $array );`
      * [Andrew Lima](https://profiles.wordpress.org/andrewza/) [1 year ago](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-7200)
 27.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%3Freplytocom%3D4419%23feedback-editor-4419)
 28.  [Skip to note 10 content](https://developer.wordpress.org/reference/functions/sanitize_text_field/?output_format=md#comment-content-7360)
 29.   [thejaydip](https://profiles.wordpress.org/iamjaydip/)  [  10 months ago  ](https://developer.wordpress.org/reference/functions/sanitize_text_field/#comment-7360)
 30. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-7360)
     Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%23comment-7360)
 31. `
      $unsafe_input = 'alert("XSS")hello'; $safe_input = sanitize_text_field($unsafe_input);
     echo $safe_input; // Output: hello
 32. Use [sanitize_text_field()](https://developer.wordpress.org/reference/functions/sanitize_text_field/)
     when:
      (1) You’re handling free-form user input from forms, URLs, or APIs. (2)
     The value will be stored in the database, output in HTML, or used in queries.
 33.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F%3Freplytocom%3D7360%23feedback-editor-7360)

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fsanitize_text_field%2F)
before being able to contribute a note or feedback.