Title: How Sanitize Forms Fields? Last modified: June 3, 2019 --- # How Sanitize Forms Fields? * Resolved [mistermousehjm](https://wordpress.org/support/users/mistermousehjm/) * (@mistermousehjm) * [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/) * Hello Everyone, I’m writting here cause I don’t understand how sanitize should be use. I’ve made a Website and it was injected with an SQL injection, now i’ve built it again but i don’t want to show the Contact Form untill I understand how (when and where to put it) it works. What I want to know is: 1) Where should I write “sanitize_text_field()” and all functions with the parameters that i want to sanitize in a new php file made by me? in functions.php? 2) How to make the call, in case i should put it in a new php file. 3)And WHERE make the call so it can be use before sending the email from the contact form? * Any help will be really appreciate. Thank you. Viewing 4 replies - 1 through 4 (of 4 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/#post-11599430) * You should sanitize the $_POST fields when you read them and before you store or further process the results, and escape them before you present/display them. * See [https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data](https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data) * [https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/](https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/) [https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/#database-escaping](https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/#database-escaping) * Thread Starter [mistermousehjm](https://wordpress.org/support/users/mistermousehjm/) * (@mistermousehjm) * [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/#post-11601034) * Thanks! One Last Questions, I’m kinda like new in WP, this only works for my custom forms, right? In case of using Plugins or Theme’s Forms i should get in contact with its creators, right? * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/#post-11601173) * The form plugins take care of it for you. If you aren’t sure, look at their code.( If you want to know how to do it yourself, also look at their code.) * Why are you building a custom form? Seriously, there are *so many* good form plugins. * Thread Starter [mistermousehjm](https://wordpress.org/support/users/mistermousehjm/) * (@mistermousehjm) * [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/#post-11605592) * Oh good to know. Maybe because I don’t know how security in plugins works and i don’t know if they (the plugins) have enough security, but I’ll check it through the code, when it’s posible, and i’ll start using them. Thank you so much! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘How Sanitize Forms Fields?’ is closed to new replies. ## Tags * [contactforms](https://wordpress.org/support/topic-tag/contactforms/) * [sanitize](https://wordpress.org/support/topic-tag/sanitize/) * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/) * 4 replies * 2 participants * Last reply from: [mistermousehjm](https://wordpress.org/support/users/mistermousehjm/) * Last activity: [6 years, 12 months ago](https://wordpress.org/support/topic/how-sanitize-forms-fields/#post-11605592) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics