
sanitization - How to escape $_GET and check if isset?


I submitted a plugin to WordPress and got feedback that I have to escape this one:

$active_tab = isset( $_GET[ 'tab' ] ) ? $_GET[ 'tab' ] : 'front_page_options';

If I do it like this:

$get_the_param = esc_html($_GET[ 'tab' ] );

$active_tab = isset( $get_the_param ) ? $get_the_param : 'front_page_options';

It seems to work, but as for isset (Cannot use isset() on the result of an expression), as $_GET is not set it will throw a notice? What can be the possible solution?

Thanks


asked Aug 11, 2020 at 18:51 by user145078
  • 1 This isn't really a WordPress question, it's a PHP question. Maybe you're looking for the PHP function empty() instead of isset() to check if $_GET['tab'] had anything in it? – mozboz Commented Aug 11, 2020 at 19:05
  • @mozboz esc_html($_GET[ 'tab' ] ); this will throw error even before that – user145078 Commented Aug 11, 2020 at 19:16
  • so you need to use empty, or isset or something similar before you do that then? – mozboz Commented Aug 11, 2020 at 19:19
  • @mozboz Do you think this needs escaping? – user145078 Commented Aug 11, 2020 at 19:23
  • Sanitising inputs is a very good idea – mozboz Commented Aug 11, 2020 at 19:25

1 Answer


The proper way to do that is using filter_input(). Here is an example for using a custom sanitize function:

$tab = filter_input(
    INPUT_GET, 
    'tab', 
    FILTER_CALLBACK, 
    ['options' => 'esc_html']
);

$tab = $tab ?: 'front_page_options';
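
An added example, not part of the question or the answer above: because the tab parameter only selects one of a fixed set of settings tabs, it can be validated against an allowlist on input and escaped only at output, which goes a step beyond escaping the raw value. The tab slugs other than `front_page_options`, the `my-plugin` page slug and the function names are assumptions; `htmlspecialchars()` stands in for WordPress's `esc_attr()`/`esc_html()` so the block runs without WordPress loaded.

```php
<?php
// Added example. Slugs other than 'front_page_options' are hypothetical.
const ALLOWED_TABS = ['front_page_options', 'header_options', 'footer_options'];
const DEFAULT_TAB  = 'front_page_options';

/**
 * Resolve the active tab from a query array such as $_GET.
 * A missing, non-string, or unknown value yields the default tab.
 */
function resolve_active_tab(array $query): string
{
    // isset() is applied to the raw array element, never to the result of a
    // function call, so an absent parameter raises no notice or fatal error.
    if (!isset($query['tab']) || !is_string($query['tab'])) {
        // A request like ?tab[]=x arrives as an array; reject it here.
        return DEFAULT_TAB;
    }
    // Strict comparison against known slugs: whatever leaves this function
    // is always one of the plugin's own constants.
    return in_array($query['tab'], ALLOWED_TABS, true) ? $query['tab'] : DEFAULT_TAB;
}

/** Escape at output time (esc_attr()/esc_html() inside WordPress). */
function tab_link(string $tab): string
{
    $slug = htmlspecialchars($tab, ENT_QUOTES, 'UTF-8');
    return '<a class="nav-tab" href="?page=my-plugin&amp;tab=' . $slug . '">' . $slug . '</a>';
}

// Constructed sample requests covering the edge cases.
$samples = [
    [],                                 // parameter absent
    ['tab' => 'header_options'],        // known slug
    ['tab' => '<b>not a tab</b>'],      // markup instead of a slug
    ['tab' => ['front_page_options']],  // array instead of a string
];

foreach ($samples as $query) {
    echo resolve_active_tab($query), PHP_EOL;
}

// In the plugin this would be called with $_GET directly.
echo tab_link(resolve_active_tab($_GET)), PHP_EOL;
```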