In WordPress they recommend that I should escape any part of the code of my plugin that shows data to the user. I have made most of the corrections, but in this specific case I don't know how to escape that echo. Please help.

<option value="">
    <?php _e( '- Default', MF_TEXT_DOMAIN ); ?>
</option>
<?php foreach ( $folders as $folder ) {
    $folder = trim( $folder );
    echo "<option value=\"{$folder}\">{$folder}</option>";
} ?>

asked Apr 21, 2022 at 7:21 by choseɳ; edited Apr 21, 2022 at 8:02 by cjbj

1 Answer

Escaping is only necessary when you have no full control of the thing you are echoing. So as long as $folder is a variable that you have defined yourself, there's no real need to escape. But if there is user input involved, there is esc_html, to be used as follows:

echo esc_html ("this input string contains a > character");

In this case, however, more drastic measures may be needed, because there can be no html tags at all inside option tags, so you add wp_strip_all_tags like this:

$folder = wp_strip_all_tags ($folder);
echo esc_html ("<option value=\"{$folder}\">{$folder}</option>");

UPDATE (thanks to Kero in the comments for noticing the error)

$folder = esc_html (wp_strip_all_tags ($folder));
echo "<option value=\"{$folder}\">{$folder}</option>";
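
An added example, not part of the answer above or of the plugin's code: the same option list built with escaping chosen per output context, going one step beyond the answer by using esc_attr() for the value attribute and esc_html() for the visible label. The helper name mf_folder_options and the sample folder names are assumptions, and the function_exists shims are rough stand-ins so the snippet also runs outside WordPress.

```php
<?php
// Stand-ins so the example runs outside WordPress. Inside WordPress the real
// esc_html(), esc_attr() and wp_strip_all_tags() are already defined and these
// shims are skipped. They only approximate the core functions.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'wp_strip_all_tags' ) ) {
    function wp_strip_all_tags( $text ) {
        return trim( strip_tags( (string) $text ) );
    }
}

// Hypothetical helper: returns the <option> markup for a list of folder names.
function mf_folder_options( array $folders ) {
    $html = '';
    foreach ( $folders as $folder ) {
        // Option elements cannot contain markup, so drop tags first.
        $folder = trim( wp_strip_all_tags( $folder ) );
        if ( '' === $folder ) {
            continue; // nothing left after stripping tags and whitespace
        }
        // Escape late, once per context: attribute value, then element text.
        $html .= sprintf(
            '<option value="%s">%s</option>' . "\n",
            esc_attr( $folder ),
            esc_html( $folder )
        );
    }
    return $html;
}

// Constructed sample input: a quote, an ampersand, a tag and a blank entry.
$folders = array( ' uploads ', 'a"b', 'R&D', '<b>bold</b>', '   ' );
echo mf_folder_options( $folders );
```

The quote in `a"b` is emitted as `&quot;`, so it cannot close the value attribute, and the blank entry produces no option at all.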

Article tags: php, How to correctly escape an echo