$geolocation = esc_sql($_COOKIE['geolocation']);
I have this, and using Query Monitor, I've been able to find out that this notice is being thrown out 490 times on the home page alone, so I am wondering if it's something I should fix by wrapping it with:
if(isset($_COOKIE['geolocation'])) {
}
Is it worth doing so, and how much of a performance gain will it have?
asked Feb 15, 2022 at 15:57 by user214276
1 Answer
It's worth doing so, though performance isn't always going to improve; notices are usually a sign of broken-ness or bad code.
In the example you cited, there's actually a mistake made and a potential security issue:
$geolocation = esc_sql($_COOKIE['geolocation']);
- the code assumes there's cookies, and that a geolocation cookie is present
- it uses esc_sql which should not be used here, esc_sql is almost never used by WP developers as it's mainly found inside the WPDB class
- a Geolocation is not an SQL statement
- esc_sql is an escaping function, not a sanitising function!
- there is no default value for when it's undefined
A better way of doing this would be:
$geolocation = '';
if ( ! empty( $_COOKIE['geolocation'] ) ) {
    $geolocation = wp_strip_all_tags( $_COOKIE['geolocation'] );
}
Here I'm not sure what the default value should be, or the format of this value, but you would swap out wp_strip_all_tags for an equivalent that sanitises it. You would also want a validation step to ensure it actually is a geolocation.
Notices and warnings can be caused by lots of things, and a lot of them may have no impact on performance, but they can be signs of bugs, security problems, or just awful code quality! If you buy a product and it starts spamming you with PHP notices then that's a bad sign.
PHP warnings and notices are like mugs with designs that peel off in the dishwasher, door handles that aren't screwed on properly, clothes in a shop that have stains on them, or cars that start making weird and ominous noises. Just because it doesn't make your site faster doesn't mean they shouldn't be fixed.
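
The validation step mentioned in the answer above, sketched as an added example that is not part of the original answer. It assumes the cookie holds "latitude,longitude" in decimal degrees, which the question does not state; example_parse_geolocation_cookie is a hypothetical name, and in WordPress you would pass it $_COOKIE.

```php
<?php
declare(strict_types=1);

/**
 * Added example: validate a "geolocation" cookie, assuming (not confirmed by
 * the question) that it holds "latitude,longitude" in decimal degrees.
 * Returns ['lat' => float, 'lng' => float], or null if absent or invalid.
 */
function example_parse_geolocation_cookie(array $cookies): ?array
{
    // Missing cookie: no notice, and the caller gets an explicit default.
    if (!isset($cookies['geolocation']) || !is_string($cookies['geolocation'])) {
        return null;
    }

    // Allow-list the shape: two signed decimals, bounded length, nothing else.
    // \A and \z anchor the whole string, so trailing data cannot slip through.
    $raw = $cookies['geolocation'];
    if (strlen($raw) > 40
        || !preg_match('/\A(-?\d{1,3}(?:\.\d{1,8})?),(-?\d{1,3}(?:\.\d{1,8})?)\z/', $raw, $m)) {
        return null;
    }

    // Range check: a well-formed number can still be an impossible coordinate.
    $lat = (float) $m[1];
    $lng = (float) $m[2];
    if ($lat < -90.0 || $lat > 90.0 || $lng < -180.0 || $lng > 180.0) {
        return null;
    }

    return ['lat' => $lat, 'lng' => $lng];
}

// Constructed sample inputs standing in for $_COOKIE.
$samples = [
    [],                                          // cookie absent
    ['geolocation' => '51.5074,-0.1278'],        // valid pair
    ['geolocation' => '91.0,10.0'],              // latitude out of range
    ['geolocation' => '51.5,-0.1 and more'],     // trailing data
    ['geolocation' => '<b>51.5,-0.1</b>'],       // markup around the value
    ['geolocation' => ['nested' => 'array']],    // cookie sent as an array
];

foreach ($samples as $cookies) {
    $geo = example_parse_geolocation_cookie($cookies);
    echo json_encode($cookies), ' => ', $geo === null ? 'rejected' : json_encode($geo), PHP_EOL;
}
```

Because the function returns typed floats or null, the caller never handles the raw cookie string again, and anything that is not a coordinate pair falls back to the default instead of being escaped and passed along.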