---
title: Writing translatable PHP functions for WordPress - isla Studio
url: https://isla-stud.io/en/ratgeber/uebersetzbare-php-funktionen-fuer-wordpress-schreiben/
date: 2023-03-21
---

# Writing translatable PHP functions for WordPress

Excerpt from the WordPress developer manual:



Escaping output is the process of securing output data by removing unwanted data / characters, such as incorrect HTML or script tags. This mechanism helps to ensure that the data is secured for the end user before rendering.



WordPress contains numerous helper functions that you can use for the most common scenarios.



Pay close attention to what each function does, as some remove HTML while others allow it. You should use the most appropriate function for the content and context you want to output. The escape function should always be used during the output (php echo), not before.



Escaping functions at a glance







esc_attr()



Is used for everything else that is output in the attribute of an HTML element.



esc_html()



Is used whenever an HTML element includes a section with data that is displayed (removes html).



esc_js()



To be used for inline javascript.



esc_textarea()



 For encoding text for use in a textarea element.



esc_url()



 Used for all URLs, including those in the src and href attributes of an HTML element.



esc_url_raw()



Is used when a URL is stored in the database or in other cases where non-coded URLs are required.



wp_kses()



Use for all untrusted HTML elements (post text, comment text, etc.)



wp_kses_post()



Alternative version of wp_kses(), which automatically allows all HTML content that is permitted in posts.



wp_kses_data()



Alternative version of wp_kses(), which only allows the HTML code permitted in post comments.



Ensure multilingualism when escaping



If the output is carried out as in the following example, we ensure that




The sentences are retained (no sentence breaks).



a correct separation is ensured.



it is possible to arrange contact and e-mail links (or something similar) differently within the translated sentence.




// Example url (could have come from an insecure user input via a form, for example).
$contact_url = 'https://www.example.com/contact/';
// escaping $contact_url
$contact_url = esc_url( $contact_url );

// Example e-mail address (could have come from an insecure user input via a form, for example).
$contact_email = 'info@mydomain.com';
// escaping, sanitizing & hiding of $contact_email.
// Yes, you should still sanitize and escape the email address even if you use the antispambot() function
$contact_email = esc_url( sprintf( 'mailto:%s', antispambot( sanitize_email( $contact_email ) ) ), array( 'mailto' ) );

esc_html_e( 'Dear guest, we were unable to find any details regarding your request.', 'text-domain' );
echo "<br><br>";

printf(
    esc_html__( 'Please contact us through our %1$s or via %2$s.', 'text-domain' ),
    sprintf(
        '<a href="/en/s-2/">%s</a>',
        $contact_url,
        esc_html__( 'Contact Page', 'text-domain' )
        ),
    sprintf(
        '<a href="/en/s-2/">%s</a>',
        $contact_email,
        esc_html__( 'Email', 'text-domain' )
        )
    );



This way the translator has two full sentences and two single words to translate. So the translator only needs to worry about the following simple lines (while the CODE takes care of the rest):



esc_html_e( 'Dear guest, we were unable to find any details regarding your request.', 'text-domain' );
// ...
esc_html__( 'Please contact us through our %1$s or via %2$s', 'text-domain' )
// ...
esc_html__( 'Contact Page', 'text-domain' )
// ...
esc_html__( 'Email', 'text-domain' )



More information can be found here: Multilingualism for WordPress Themes (eng) and Multilingualism for Plugins (eng)



As always, feel free to use the comment function below on this page for questions.