Acf is one of the best tools out there to quikly create some custom meta fileds on your posts and pages.
There are two main ways to get the values from a cusom field that was made with ACF
The WP way
get_post_meta($post->ID, 'MyCustomFieldName', true);
Using ACF functions, this used to be a bad practice way but since then since using those functions was used to make a bunch of unnececery queries, but in the latest versions this was fixed and today it’s a safe and easy way to call some data from a custom field.
Escape, its a trap
Both those ways require some escaping.
what is escaping you may ask, escaping it’s our way to clean the data inside the custom field that it will not be able to take any vulnerabilities, ultimately it’s just cleaning the data from all bunch of stuff that doesn’t need to be there.
Here are my main take on most fields that need escping and how to do it.
For titles and small text fields, both will do the trick.
URL‘s and Links
For custom post meta that is longer
apply_filters( 'the_content', wp_kses_post( $my_vlaue ) );
This is bring back WP formating for the custom post meta, escape it and then sanitize it, we are all set.