最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

theme development - Data Validation in wordpress

programmeradmin3浏览0评论

In my theme, i am grabbing user input with get_option() and according to that input i want to i want to declare a new variable and print in my single.php file. For example:

<?php
$tutorial_condition = get_option( 'tutorials_creater' );

if ( $tutorial_condition == 1 ) {
    $second_col_class = 'col-9';
} else {
    $second_col_class = 'col-2';
}
?>

now when i echo $second_col_class variable in my php files it works fine. But when i run themecheck plugin it shows an error like this.

"Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered."

i want to echo that variable like below.

 <div class="<?php echo $second_col_class; ?>">
     //my code here..
 </div>

I cannot use isset() function because it just returning true or false. Is there any alternative to this?

In my theme, i am grabbing user input with get_option() and according to that input i want to i want to declare a new variable and print in my single.php file. For example:

<?php
$tutorial_condition = get_option( 'tutorials_creater' );

if ( $tutorial_condition == 1 ) {
    $second_col_class = 'col-9';
} else {
    $second_col_class = 'col-2';
}
?>

now when i echo $second_col_class variable in my php files it works fine. But when i run themecheck plugin it shows an error like this.

"Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered."

i want to echo that variable like below.

 <div class="<?php echo $second_col_class; ?>">
     //my code here..
 </div>

I cannot use isset() function because it just returning true or false. Is there any alternative to this?

Share Improve this question asked Nov 4, 2020 at 8:18 SahanSahan 133 bronze badges
Add a comment  | 

1 Answer 1

Reset to default 1

Please see this Codex article for further guide, but in your case, you would use esc_attr() to escape the $second_col_class value which is being used in an HTML attribute, namely class:

<!-- bad -->
<div class="<?php echo $second_col_class; ?>">

<!-- good -->
<div class="<?php echo esc_attr( $second_col_class ); ?>">

<!-- good -->
<div class="<?php esc_attr_e( $second_col_class, 'text-domain' ); ?>">
发布评论

评论列表(0)

  1. 暂无评论