WordPress.org

Description

Sanitize username stripping out unsafe characters.

If $strict is true, only alphanumeric characters plus these: _, space, ., -, *, and @ are returned.

Removes tags, octets, entities, and if strict is enabled, will remove all non-ASCII characters. After sanitizing, it passes the username, raw username (the username in the parameter), and the strict parameter as parameters for the sanitize_user filter.

Usage

<?php sanitize_user( $username, $strict ) ?>

Parameters

$username

(string) (required) The username to be sanitized.

Default: None

$strict

(boolean) (optional) If set limits $username to specific characters.

Default: false

Return Values

(string) 

The sanitized username, after passing through filters.

Examples

Notes

• Uses: apply_filters() Calls 'sanitize_user' hook on username, raw username, and $strict parameter.

Change Log

• Since: 2.0.0
• Originally defined in wp-includes/functions-formatting.php
• $strict parameter and sanitize_user filter added in 2.0.1
• File renamed to wp-includes/formatting.php in 2.1

Source File

sanitize_user() is located in wp-includes/formatting.php.

Related

Functions

sanitize_user() is in a class of functions that help you sanitize potentially unsafe data which allow you to pass an arbitrary variable and receive the clean version based on data type. Others include:

• sanitize_email()
• sanitize_file_name()
• sanitize_html_class()
• sanitize_key()
• sanitize_meta()
• sanitize_mime_type()
• sanitize_option()
• sanitize_sql_orderby()
• sanitize_post_field()
• sanitize_text_field()
• sanitize_title()
• sanitize_title_for_query()
• sanitize_title_with_dashes()
• sanitize_user()

Filters

• sanitize_email
• sanitize_file_name
• sanitize_file_name_chars
• sanitize_html_class
• sanitize_key
• sanitize_mime_type
• sanitize_option_$option
• sanitize_text_field
• sanitize_title
• sanitize_trackback_urls
• sanitize_user