Using Proper WordPress Conventions

by Chris Smith on August 7, 2010 · No Comments

Coding Standards

  • Always use single quotes, never double quotes
  • Vertical space is poetry; curly braces on same line.
  • Use whitespace for readability.

Avoid Raw SQL

  • Use $wpdb object
  • Use $wpdb->prepare() if SQL is needed.
  • Use existing table if possible instead of custom tables.
  • prepare() method handles santization and quotes. No reason not to use it.

Use the esc_* API

  • Provides sanitization against XSS and SQL injection attacks.
  • esc_html(), esc_attr(), esc_js(), esc_url() – uses are obvious.
  • Trust no arbitrary data, even your own.

Use Nonces (Number Only Used Once)

  • Use for single-use action (forms)
  • Add wp_nonce_field() to all forms

Use The Shortcode API

  • Allows javascripts/embeds in post safely.
  • Functions: shortcode_atts() and add_shortcode()
  • Shortcodes are wave of the future for WP.
Tagged with:
 
If you enjoyed this article, please consider sharing it!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>