Using Proper WordPress Conventions

August 7, 2010 By Chris Smith

Coding Standards

  • Use single quotes for string literals; reach for double quotes only when the string has to interpolate a variable.
  • Vertical space is poetry: leave blank lines between logical blocks, and put opening curly braces on the same line as the statement.
  • Use whitespace for readability: spaces around operators, after commas, and inside the parentheses of control structures and function calls.

Avoid Raw SQL

  • Use the global $wpdb object rather than mysql_* calls or a second database connection.
  • Use $wpdb->prepare() whenever you must write SQL yourself; pass untrusted values through %s and %d placeholders instead of concatenating them into the query string.
  • Use the existing tables (posts, postmeta, options, ...) and their APIs (WP_Query, get_post_meta(), get_option()) where possible instead of creating custom tables.
  • prepare() escapes the arguments and adds the quotes for you, so there is no reason not to use it. Note that it handles values only: table and column names, and the % and _ wildcards in a LIKE pattern, still have to be handled separately.
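A worked $wpdb->prepare() call, added here as an example rather than code from the original post. It assumes it runs inside a WordPress plugin or theme where the global $wpdb object is loaded; the function name and the query-string parameter are this example's own.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded so
// the global $wpdb object and absint() exist.
//
// Returns the newest published posts by a given author login. The login value
// is untrusted (it comes from the request), so it goes through a placeholder.
function cws_example_posts_by_author( $author_login, $limit = 10 ) {
    global $wpdb;

    // Vulnerable form: the raw request value is concatenated into the SQL.
    // A value such as  0 OR 1=1  or  ' UNION SELECT user_pass FROM wp_users --
    // would be executed as part of the statement.
    //
    // $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_author = " . $_GET['author'];

    // Hardened form: %s is escaped and quoted, %d is cast to an integer, and a
    // literal percent sign would have to be written as %%. Table names come
    // from $wpdb properties, not from the request, because prepare() does not
    // protect identifiers.
    $sql = $wpdb->prepare(
        "SELECT p.ID, p.post_title
         FROM {$wpdb->posts} AS p
         INNER JOIN {$wpdb->users} AS u ON u.ID = p.post_author
         WHERE u.user_login = %s
           AND p.post_status = 'publish'
           AND p.post_type = 'post'
         ORDER BY p.post_date DESC
         LIMIT %d",
        $author_login,
        absint( $limit )
    );

    return $wpdb->get_results( $sql );
}

// Usage: the request value is passed straight in; prepare() does the quoting.
// $rows = cws_example_posts_by_author( wp_unslash( $_GET['author'] ), 5 );
```

The placeholders are the whole point: as soon as a value is built into the string with concatenation, prepare() can no longer see it and the query is back to being raw SQL.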

Use the esc_* API

  • Escape every value at the point it is output so it cannot break out of its context; this is the defence against XSS. It is not a SQL injection defence: that is what $wpdb->prepare() is for (esc_sql() exists as a fallback, but prefer prepare()).
  • esc_html() for text between tags, esc_attr() for values inside HTML attributes, esc_js() for strings inside inline JavaScript, esc_url() for href and src values (it also drops unsafe schemes such as javascript:). Pick the function for the context the value lands in; the wrong one leaves the hole open.
  • Trust no arbitrary data, even your own: a value that was safe when it was stored may have been edited since, and escaping on output costs nothing.
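The four escaping functions applied to one record, each in the context it is meant for. This is an added example, not code from the original post; the $item array is constructed sample data that stands in for a database row or user input, and the example assumes WordPress is loaded so the esc_* functions exist.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded.
// $item is a constructed sample record whose every field carries a payload
// for the context it is about to be printed into.
$item = array(
    'title' => 'Sale <script>alert(1)</script> 50% off',   // lands between tags
    'url'   => 'javascript:alert(document.cookie)',        // lands in href
    'css'   => '" onmouseover="alert(1)',                  // lands in an attribute
    'note'  => "It's \"quoted\" </script>",                // lands in inline JS
);

// Each function neutralises the characters that matter in its own context:
//   esc_html()  -> &lt;script&gt; ... so the tag is shown, not run
//   esc_attr()  -> the quote becomes &quot; so the attribute cannot be closed
//   esc_url()   -> the javascript: scheme is not allowed, so it returns ''
//   esc_js()    -> quotes and </ are escaped so the string cannot end the script
// Using esc_html() inside an attribute, or esc_attr() inside a script block,
// would leave the injection open; match the function to the context.
?>
<div class="<?php echo esc_attr( $item['css'] ); ?>">
    <a href="<?php echo esc_url( $item['url'] ); ?>">
        <?php echo esc_html( $item['title'] ); ?>
    </a>
</div>
<script type="text/javascript">
    var note = '<?php echo esc_js( $item['note'] ); ?>';
</script>
```

Note the division of labour: the sanitize_* family cleans data on the way in (when saving an option or post meta), the esc_* family escapes it on the way out. Doing only the first is what "trust no data, even your own" warns against.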

Use Nonces ("Number Used Once")

  • Use them to prove that a request came from a form or link your own code generated, which is what stops cross-site request forgery (CSRF). Despite the name, a WordPress nonce is a hash tied to the user, the action and a time window (valid for up to 24 hours), not a true single-use number, so it is not a replay or brute-force defence.
  • Add wp_nonce_field() to every form your plugin handles and wp_nonce_url() to action links, then verify with wp_verify_nonce() or check_admin_referer() before acting. A nonce proves intent, not permission, so keep the current_user_can() check as well.
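Both halves of the nonce flow, the field in the form and the check in the handler, as an added example that is not code from the original post. It assumes WordPress is loaded; the option name, action string, field names and function names are this example's own.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded.
// Option name, action string, field names and function names are invented
// for this example.

// 1. Emit the form. wp_nonce_field() adds a hidden input holding a nonce
//    bound to the 'cws_example_save' action and the current user.
function cws_example_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'cws_example_save', 'cws_example_nonce' ); ?>
        <input type="hidden" name="action" value="cws_example_save" />
        <input type="text" name="cws_greeting"
               value="<?php echo esc_attr( get_option( 'cws_greeting', '' ) ); ?>" />
        <input type="submit" value="Save" />
    </form>
    <?php
}

// 2. Handle the POST. Order matters: capability first (may this user do this
//    at all?), nonce second (did this user actually submit our form?).
function cws_example_handle_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // wp_verify_nonce() returns false for a missing, forged or expired nonce;
    // 1 if it was issued in the current 12-hour tick, 2 if in the previous one.
    // A request forged from another site cannot carry a valid value because
    // the attacker cannot read our page to copy the field.
    $nonce = isset( $_POST['cws_example_nonce'] ) ? $_POST['cws_example_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'cws_example_save' ) ) {
        wp_die( 'Security check failed.' );
    }

    // The nonce says nothing about the payload: sanitize the input on the way in.
    $greeting = isset( $_POST['cws_greeting'] )
        ? sanitize_text_field( wp_unslash( $_POST['cws_greeting'] ) )
        : '';
    update_option( 'cws_greeting', $greeting );

    wp_safe_redirect( wp_get_referer() );
    exit;
}
add_action( 'admin_post_cws_example_save', 'cws_example_handle_save' );
```

For a link that performs an action (a "delete" link in a list table, say), the same pair applies with wp_nonce_url() generating the link and check_admin_referer() in the handler, which calls wp_die() for you on failure.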

Use The Shortcode API

  • Lets authors embed scripts, video and other widgets in a post with a tag such as [tag attr="value"]; the plugin generates the real markup when the post is displayed, so the author never needs (or gets) the ability to put raw script in post content.
  • Functions: add_shortcode() registers the tag and its handler; shortcode_atts() merges the attributes the author supplied over your defaults and drops any you did not declare. Treat the attributes as untrusted input: validate them and escape the markup you return.
  • Shortcodes are the wave of the future for WP.
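A complete shortcode handler, added here as an example rather than code from the original post. The tag name [cws_video], its attributes, the function name and the sample ID in the usage line are all this example's own; it assumes WordPress is loaded so add_shortcode(), shortcode_atts(), absint() and esc_url() exist.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded.
// The [cws_video] tag, its attributes and the function name are invented here.
function cws_example_video_shortcode( $atts, $content = null ) {
    // shortcode_atts() merges the author's attributes over the defaults and
    // discards any attribute not in the default list, so [cws_video onload=..]
    // cannot smuggle anything through.
    $atts = shortcode_atts(
        array(
            'id'     => '',
            'width'  => 640,
            'height' => 360,
        ),
        $atts,
        'cws_video'
    );

    // Attributes are author-typed text, not trusted data: whitelist the video
    // identifier and cast the dimensions before they reach the markup.
    if ( ! preg_match( '/^[A-Za-z0-9_-]{11}$/', $atts['id'] ) ) {
        return '';
    }
    $width  = absint( $atts['width'] );
    $height = absint( $atts['height'] );

    // The host is fixed in code; only the validated id varies.
    $src = 'https://www.youtube.com/embed/' . rawurlencode( $atts['id'] );

    // Return the markup rather than echoing it: a handler that echoes prints
    // before the post content instead of in place of the tag.
    return sprintf(
        '<iframe src="%s" width="%d" height="%d" frameborder="0" allowfullscreen></iframe>',
        esc_url( $src ),
        $width,
        $height
    );
}
add_shortcode( 'cws_video', 'cws_example_video_shortcode' );

// In post content (constructed sample id):
//   [cws_video id="abcdefghijk" width="480" height="270"]
```

The point of the pattern is that the iframe and its script-capable src never come from the post body; the author supplies an identifier and two numbers, and the plugin decides what markup that turns into.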

Filed Under: Wordcamp - Houston, WordPress Tagged With: wordcamp houston, wordpress
