Title: WP_REST_Request::sanitize_params Published: December 9, 2015 Last modified: April 28, 2025 --- # WP_REST_Request::sanitize_params(): true|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿 ## In this article * [Description](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#description) * [Return](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#source) * [Related](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#wp--skip-link--target) Sanitizes (where possible) the params on the request. ## 󠀁[Description](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#description)󠁿 This is primarily based off the sanitize_callback param on each registered argument. ## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#return)󠁿 true|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) True if parameters were sanitized, [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) if an error occurred during sanitization. ## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#source)󠁿 ```php public function sanitize_params() { $attributes = $this->get_attributes(); // No arguments set, skip sanitizing. if ( empty( $attributes['args'] ) ) { return true; } $order = $this->get_parameter_order(); $invalid_params = array(); $invalid_details = array(); foreach ( $order as $type ) { if ( empty( $this->params[ $type ] ) ) { continue; } foreach ( $this->params[ $type ] as $key => $value ) { if ( ! isset( $attributes['args'][ $key ] ) ) { continue; } $param_args = $attributes['args'][ $key ]; // If the arg has a type but no sanitize_callback attribute, default to rest_parse_request_arg. if ( ! array_key_exists( 'sanitize_callback', $param_args ) && ! empty( $param_args['type'] ) ) { $param_args['sanitize_callback'] = 'rest_parse_request_arg'; } // If there's still no sanitize_callback, nothing to do here. if ( empty( $param_args['sanitize_callback'] ) ) { continue; } /** @var mixed|WP_Error $sanitized_value */ $sanitized_value = call_user_func( $param_args['sanitize_callback'], $value, $this, $key ); if ( is_wp_error( $sanitized_value ) ) { $invalid_params[ $key ] = implode( ' ', $sanitized_value->get_error_messages() ); $invalid_details[ $key ] = rest_convert_error_to_response( $sanitized_value )->get_data(); } else { $this->params[ $type ][ $key ] = $sanitized_value; } } } if ( $invalid_params ) { return new WP_Error( 'rest_invalid_param', /* translators: %s: List of invalid parameters. */ sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params, 'details' => $invalid_details, ) ); } return true; } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/rest-api/class-wp-rest-request.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/rest-api/class-wp-rest-request.php#L815) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/rest-api/class-wp-rest-request.php#L815-L875) ## 󠀁[Related](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#related)󠁿 | Uses | Description | | [rest_convert_error_to_response()](https://developer.wordpress.org/reference/functions/rest_convert_error_to_response/)`wp-includes/rest-api.php` | Converts an error to a response object. | | [WP_REST_Request::get_attributes()](https://developer.wordpress.org/reference/classes/wp_rest_request/get_attributes/)`wp-includes/rest-api/class-wp-rest-request.php` | Retrieves the attributes for the request. | | [WP_REST_Request::get_parameter_order()](https://developer.wordpress.org/reference/classes/wp_rest_request/get_parameter_order/)`wp-includes/rest-api/class-wp-rest-request.php` | Retrieves the parameter priority order. | | [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` | Retrieves the translation of $text. | | [is_wp_error()](https://developer.wordpress.org/reference/functions/is_wp_error/)`wp-includes/load.php` | Checks whether the given variable is a WordPress Error. | | [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/)`wp-includes/class-wp-error.php` | Initializes the error. | [Show 3 more](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#) [Show less](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#) ## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_rest_request/sanitize_params/?output_format=md#changelog)󠁿 | Version | Description | | [4.4.0](https://developer.wordpress.org/reference/since/4.4.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_rest_request%2Fsanitize_params%2F) before being able to contribute a note or feedback.