In my theme, i am grabbing user input with get_option() and according to that input i want to i want to declare a new variable and print in my single.php file. For example:
<?php
$tutorial_condition = get_option( 'tutorials_creater' );
if ( $tutorial_condition == 1 ) {
$second_col_class = 'col-9';
} else {
$second_col_class = 'col-2';
}
?>
now when i echo $second_col_class variable in my php files it works fine. But when i run themecheck plugin it shows an error like this.
"Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered."
i want to echo that variable like below.
<div class="<?php echo $second_col_class; ?>">
//my code here..
</div>
I cannot use isset() function because it just returning true or false. Is there any alternative to this?
In my theme, i am grabbing user input with get_option() and according to that input i want to i want to declare a new variable and print in my single.php file. For example:
<?php
$tutorial_condition = get_option( 'tutorials_creater' );
if ( $tutorial_condition == 1 ) {
$second_col_class = 'col-9';
} else {
$second_col_class = 'col-2';
}
?>
now when i echo $second_col_class variable in my php files it works fine. But when i run themecheck plugin it shows an error like this.
"Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered."
i want to echo that variable like below.
<div class="<?php echo $second_col_class; ?>">
//my code here..
</div>
I cannot use isset() function because it just returning true or false. Is there any alternative to this?
Share Improve this question asked Nov 4, 2020 at 8:18 SahanSahan 133 bronze badges1 Answer
Reset to default 1Please see this Codex article for further guide, but in your case, you would use esc_attr()
to escape the $second_col_class
value which is being used in an HTML attribute, namely class
:
<!-- bad -->
<div class="<?php echo $second_col_class; ?>">
<!-- good -->
<div class="<?php echo esc_attr( $second_col_class ); ?>">
<!-- good -->
<div class="<?php esc_attr_e( $second_col_class, 'text-domain' ); ?>">