Don’t Be Shy to Use sprintf with WordPress


Don’t be shy to use the printf and sprintf functions with WordPress. They make code much easier to read. Take a look at the following examples.

echo '<a href="' . get_permalink() . '" class="link">' . get_the_title() . '</a>';

It looks quite dirty and it’s very easy to miss a quote or double-quote. Here’s one that looks a lot cleaner and easier to read:

printf( '<a href="%s" class="link">%s</a>', get_permalink(), get_the_title() );

And here’s a slightly less clean, but more secure example:

printf( '<a href="%s" class="link">%s</a>', esc_url( get_permalink() ), esc_html( get_the_title() ) );

You might think escaping the permalink and the post title is not necessary, and you’re right. However, it’s considered best practice to escape as late as possible, which is often right before the output. Here’s a more complex example, taken from the Twenty Twelve theme:

$date = sprintf( '<a href="%1$s" title="%2$s" rel="bookmark"><time class="entry-date" datetime="%3$s" pubdate>%4$s</time></a>',
    esc_url( get_permalink() ),
    esc_attr( get_the_time() ),
    esc_attr( get_the_date( 'c' ) ),
    esc_html( get_the_date() )
);

It also makes use of argument swapping, which is very common when working with translation functions, mainly because RTL languages would need to swap things around. It’s also very convenient to read when there are two or more placeholders.
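The following is an added example, not code from the original post or from WordPress, showing late, context-specific escaping combined with numbered placeholders. The `demo_esc_*` functions are simplified stand-ins built on `htmlspecialchars()` so the snippet runs without WordPress, and the post data and the `xx` locale are constructed.

```php
<?php
// Simplified stand-ins for WordPress's esc_html(), esc_attr() and esc_url(),
// so this runs without WordPress. They are assumptions, not the real implementations.
function demo_esc_html( $text ) {
    return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
}
function demo_esc_attr( $text ) {
    return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
}
function demo_esc_url( $url ) {
    // Allow only http(s) URLs; anything else becomes an empty string.
    $scheme = strtolower( (string) parse_url( $url, PHP_URL_SCHEME ) );
    if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        return '';
    }
    return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
}

// Constructed post data; the title and tooltip contain markup characters.
$post = array(
    'url'   => 'https://example.com/?p=1&preview=true',
    'title' => 'Tips & <em>tricks</em> for "printf"',
    'time'  => '10:30 "am"',
);

// Two format strings using the same numbered arguments in a different order,
// as a translated string might.
$formats = array(
    'en' => '<a href="%1$s" title="%2$s">%3$s</a> (%2$s)',
    'xx' => '(%2$s) <a href="%1$s" title="%2$s">%3$s</a>',
);

foreach ( $formats as $locale => $format ) {
    // Each value is escaped for its context in the argument list,
    // right where it is written to the output.
    printf(
        $format . "\n",
        demo_esc_url( $post['url'] ),
        demo_esc_attr( $post['time'] ),
        demo_esc_html( $post['title'] )
    );
}

// The same title without escaping: its markup reaches the page unchanged.
printf( "%s\n", $post['title'] );
```

Because the escaping sits in the argument list rather than in the format string, reordering the placeholders for another locale does not change which escaping function is applied to which value.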

You can learn more about sprintf (with a bunch of cool examples) in this article, and about escaping and data validation right here.

Thanks for reading and have a great day!

About the author

Konstantin Kovshenin

WordPress Core Contributor, ex-Automattician, public speaker and consultant, enjoying life in Moscow. I blog about tech, WordPress and DevOps.


  • printf()/sprintf() are great (actually required) for translations but I find using them less useful for readability than HEREDOCs, especially for more than one line of content.

    Here’s how I’d do your example, which I find much more readable and thus more understandable at a glance and ultimately more maintainable:

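    // Escape each value for its output context before building the markup.
    $href = esc_url( get_permalink() );
    $title = esc_attr( get_the_time() );
    $datetime = esc_attr( get_the_date( 'c' ) );
    $date = esc_html( get_the_date() );
    $html = <<<HTML
    <a href="{$href}" title="{$title}" rel="nofollow"><time class="entry-date" datetime="{$datetime}" pubdate>{$date}</time></a>
    HTML;
    echo $html;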

    BTW, just found this approach to being able to call functions in a HEREDOC; haven’t tried it yet but it seems very cool (if not done a lot or in a loop with many iterations.):

    • Hey Mike! That’s also neat, though Heredocs tend to break indentation levels, unless you’re okay with some whitespace at the beginning of each line. However, the end of Heredocs should always be at the beginning of each line, so it looks a little weird when there are over two levels of indentation, which is quite common when working with class methods :)

      Thanks for your comment!

  • This is a seriously great tip Konstantin. I was just looking for this today for beautifying a plugin’s code. The Heredoc system also looks nice, but I agree that the heredoc beginning of line requirement is annoying and doesn’t look that good.