I'm using heavily-customised WordPress to drive a fishkeeping website.
I have two separate search areas: a site-wide search and a fish species search. The latter also has advanced search features which will search certain meta values in the "species" custom post type (to allow users to search for fish that can be kept in a certain water hardness, for instance).
I want to use search.php to deal with all of these, so I'm using WP_Query. The search forms have something along the lines of <input type="hidden" name="type" value="species" /> to specify the kind of search being performed.
The code I'm utilising is as follows:
<?php
if (isset($_GET["s"])) {
$search_term = $_GET["s"];
}
if (isset($_GET["type"])) {
switch ($_GET["type"]) {
case "profile" :
$post_type = "species";
break;
case "glossary" :
$post_type = "glossary";
break;
default :
$post_type = "any";
break;
}
}
$args = array(
's' => $search_term,
'post_type' => $post_type
);
$query = new WP_Query ( $args );
?>
My (lengthy, with apologies) question is this: what's the best command to use to sanitize the data from the search box?
Thanks in advance,
I'm using heavily-customised WordPress to drive a fishkeeping website.
I have two separate search areas: a site-wide search and a fish species search. The latter also has advanced search features which will search certain meta values in the "species" custom post type (to allow users to search for fish that can be kept in a certain water hardness, for instance).
I want to use search.php to deal with all of these, so I'm using WP_Query. The search forms have something along the lines of <input type="hidden" name="type" value="species" /> to specify the kind of search being performed.
The code I'm utilising is as follows:
<?php
if (isset($_GET["s"])) {
$search_term = $_GET["s"];
}
if (isset($_GET["type"])) {
switch ($_GET["type"]) {
case "profile" :
$post_type = "species";
break;
case "glossary" :
$post_type = "glossary";
break;
default :
$post_type = "any";
break;
}
}
$args = array(
's' => $search_term,
'post_type' => $post_type
);
$query = new WP_Query ( $args );
?>
My (lengthy, with apologies) question is this: what's the best command to use to sanitize the data from the search box?
Thanks in advance,
Share Improve this question asked Jan 10, 2012 at 21:34 turbonerdturbonerd 1,2374 gold badges26 silver badges50 bronze badges1 Answer
Reset to default 2Looking on line 1857 of WP_Query's code, it seems as though sanitization is done for you, so just run with whatever search term is put in.
Current version of wordpress is 3.3, in case the code changes down the line.