Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor lukerollans

    (@hellolukerollansme)

    All data which Contact Details inserts into the database is escaped. This is a security measure.

    If you wish for quotes to pre and postfix any fields, I suggest adding them before and after your shortcode, or in whatever template you are developing.

    Let us know if you have any other queries!

    Thread Starter Patabugen

    (@patabugen)

    You’re double-escaping; it is possible to insert apostrophes into the database without having extra trailing spaces.

    I don’t want a postfix or a prefix, I want an apostrophe in my name.

    You either need to be adding slashes and stripping slashes or using prepared queries. I’ve not started using WP’s Database but I’d presume it uses PDO and can handle the escaping for you.

    Hi Patabugen,
    I had this issue, and I also wanted to be able to add HTML tags, but these were all getting stripped, double escaped or encoded to entities.
    My solution involved modifying the code, removing the ‘sanitize_text_field’ and replacing it with ‘mysql_real_escape_string’ (couldn’t find a suitable WP function).
    This worked for the HTML tags, but quotes were being double escaped, which means ‘magic_quotes_gpc’ must be on. To fix this, run it through ‘stripslashes’ first, and of course you need to strip the slashes out again when it is being printed out. Otherwise you will see the escape.

    Code if you (or the developers) are interested:

    // Saving to the DB
    $contactDetails = array_map('stripslashes', $_POST['contact_details']);
    if( update_option('contact_details',array_map('mysql_real_escape_string',$contactDetails)))
       echo '<p>Successfully updated your Business Details.</p>';

    and..

    // Return shortcode
    if( $data = get_option( 'contact_details' ) )
       return stripslashes($data[$attributes['type']]);

    Keep up the great work on the plugin!
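
An added example, not part of the thread and not the plugin's own code: one way to store and print a value such as O'Brien without double escaping, using WordPress core functions. It assumes a flat `contact_details` array and runs inside WordPress; the `example_` function names, the nonce action and the shortcode tag are hypothetical.

```php
<?php
// Added example: assumes it is loaded by WordPress (e.g. from a plugin file).
// All names prefixed example_ are hypothetical.

// Saving. WordPress itself adds slashes to $_POST on every request
// (wp_magic_quotes()), regardless of PHP's magic_quotes_gpc setting,
// so O'Brien arrives here as O\'Brien.
function example_save_contact_details() {
    if ( ! isset( $_POST['contact_details'] ) || ! is_array( $_POST['contact_details'] ) ) {
        return false;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    // Dies unless the form carried a valid nonce for this action.
    check_admin_referer( 'example_contact_details_save' );

    // Remove the added slashes exactly once, then strip tags and control characters.
    $details = array_map( 'sanitize_text_field', wp_unslash( $_POST['contact_details'] ) );

    // update_option() serializes the array and writes it through $wpdb,
    // which escapes for SQL. No manual SQL escaping belongs here; adding it
    // is what stores a literal backslash.
    // Note: returns false when the value is unchanged as well as on failure.
    return update_option( 'contact_details', $details );
}

// Printing. The stored value is the raw text (O'Brien), so nothing needs
// stripping; it only needs escaping for the HTML context it is printed into.
function example_contact_shortcode( $attributes ) {
    $attributes = shortcode_atts( array( 'type' => '' ), $attributes );
    $data       = get_option( 'contact_details' );

    if ( ! is_array( $data ) || ! isset( $data[ $attributes['type'] ] ) ) {
        return '';
    }
    // esc_html() turns ' into &#039;, which the browser renders as an apostrophe.
    return esc_html( $data[ $attributes['type'] ] );
}
add_shortcode( 'example_contact', 'example_contact_shortcode' );
```

If some fields must accept markup, `wp_kses_post()` in place of `sanitize_text_field()` on save (and no `esc_html()` on output for those fields) keeps an allow-list of tags instead of removing sanitization altogether.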

  • The topic ‘Badly escaped aposrophes’ is closed to new replies.