
plugins - Sanitize $_GET variable when comparing


I know that when I want to save data in the database, I must sanitize the data, but what about the following case, which is a simple comparison? Should I sanitize?

if ( ! isset( $_GET['page'] ) ) {
    return;
}

if ( 'google' === $_GET['page'] ) {
    wp_redirect( 'https://google' );
    exit;
}

if ( 'facebook' === $_GET['page'] ) {
    wp_redirect( 'https://facebook' );
    exit;
}
asked May 27, 2019 at 3:08 by user3631047

1 Answer

No, it's not necessary to sanitise in this case.

If you were redirecting to the value directly, or outputting it in some way, you would definitely need to, but since you're just comparing its value against a white list (essentially) no sanitising or escaping is necessary.
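
The distinction the answer draws, as an added example that is not code from the question or the answer: the first handler uses the request value only as a key into a fixed map, the second redirects to a request value directly and therefore validates it. The function names, the `next` parameter and the `template_redirect` hook are assumptions, and the code expects to be loaded by WordPress.

```php
<?php
// Added example. Assumes it is loaded by WordPress (for instance from a plugin).

/** Allow-list: request value => destination fixed in code (URLs as in the question). */
function example_redirect_map() {
    return array(
        'google'   => 'https://google',
        'facebook' => 'https://facebook',
    );
}

/** Return the mapped destination, or null. $raw is only ever a lookup key. */
function example_resolve_destination( $raw, array $map ) {
    // ?page[]=google arrives as an array; a non-string can never match.
    if ( ! is_string( $raw ) ) {
        return null;
    }
    return array_key_exists( $raw, $map ) ? $map[ $raw ] : null;
}

/** Case from the question: compare only, so no sanitizing is needed. */
function example_handle_page_redirect() {
    if ( ! isset( $_GET['page'] ) ) {
        return;
    }
    $destination = example_resolve_destination( $_GET['page'], example_redirect_map() );
    if ( null === $destination ) {
        return; // Unlisted value: it is dropped without being used anywhere.
    }
    wp_redirect( $destination ); // Location comes from the map, not the request.
    exit;
}

/** Contrast: the request value itself becomes the redirect target. */
function example_handle_next_redirect() {
    if ( ! isset( $_GET['next'] ) || ! is_string( $_GET['next'] ) ) {
        return;
    }
    // wp_safe_redirect() follows only hosts WordPress allows (the site's own,
    // plus any added through the allowed_redirect_hosts filter) and otherwise
    // sends the visitor to its fallback URL.
    wp_safe_redirect( esc_url_raw( wp_unslash( $_GET['next'] ) ) );
    exit;
}

// Hook choice is an assumption; use whichever hook the plugin already runs on.
add_action( 'template_redirect', 'example_handle_page_redirect' );
add_action( 'template_redirect', 'example_handle_next_redirect' );
```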
