I need your guidance on the way I structure my websites.
I usually create custom functions in a file called myfunctions, and from there I use those functions in all the pages where necessary to avoid retyping.
E.g. mycustom_insert ($where, $what)
This function is dynamic, as I can change the variables for what to insert.
But my question is: is this safe, knowing that someone else could simply execute such a function given the slightest chance?
For example, running mycustom_insert() in a query URL may end up inserting something into my database.
Is it safe for such functions to be created, or should I manually retype the code on every page where I want a particular function to run?
__('text to show');
esc_html('content to escape');
esc_url('link to escape');
Even though I use them, I still don't know exactly how someone can use echoed plain text that is displayed in HTML against me.
Please, I need a practical guide to how it is not safe to echo text without escaping it.
If by that you mean you are regularly editing the code in one function definition or copy/pasting/editing the code under a new function name, this indicates that the code is not general-purpose, reusable, and has the wrong responsibility.
Perhaps show an example of your code that would allow something in a URL to control which function gets called?
Same function call, but it inserts different data into the database, so on any page I can use the function and set the parameters of what is to be inserted.
I found that much easier to work with than retyping a full-blown SQL insert query.
Or having one static function that only inserts apple and fruit any time it is called.
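
An added example, not code posted by anyone in this thread: one way a reusable insert helper like the mycustom_insert() discussed above can stay safe whatever values reach it, by checking table and column names against an allow-list and binding values as parameters. It assumes PDO with the pdo_sqlite driver; the `$db` argument, the `fruits` table, its columns and the `ALLOWED_COLUMNS` constant are hypothetical names chosen for illustration.

```php
<?php
// Added example. Table, columns and the allow-list name are constructed.
const ALLOWED_COLUMNS = ['fruits' => ['name', 'category']];

// $where is the table name, $what maps column names to values (assumed meaning).
function mycustom_insert(PDO $db, string $where, array $what): int
{
    // Identifiers cannot be bound as parameters, so check them against an allow-list.
    if (!array_key_exists($where, ALLOWED_COLUMNS)) {
        throw new InvalidArgumentException('Table not allowed');
    }
    $columns = array_keys($what);
    if ($columns === [] || array_diff($columns, ALLOWED_COLUMNS[$where]) !== []) {
        throw new InvalidArgumentException('Column not allowed');
    }
    // Values are sent as bound parameters, never concatenated into the SQL text.
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', $where, implode(', ', $columns), $marks);
    $stmt = $db->prepare($sql);
    $stmt->execute(array_values($what));
    return (int) $db->lastInsertId();
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fruits (id INTEGER PRIMARY KEY, name TEXT, category TEXT)');

// Same function, different data; a value containing a quote is stored as plain text.
mycustom_insert($db, 'fruits', ['name' => 'apple', 'category' => 'fruit']);
mycustom_insert($db, 'fruits', ['name' => "granny's apple", 'category' => 'fruit']);

// A table or column outside the allow-list is rejected before any SQL is built.
foreach ([['users', ['name' => 'x']], ['fruits', ['id, name' => 'x']]] as [$t, $d]) {
    try {
        mycustom_insert($db, $t, $d);
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), PHP_EOL;
    }
}
echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM fruits')->fetchColumn(), PHP_EOL;
```

A function defined in an included file is only reachable from a request if some page passes request input into it, so the checks belong inside the helper, where every caller gets them.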