I'm constructing a form in my WP plugin. I need to specify which records to modify by supplying a value in the URL like so:

https://example/wp-admin/admin.php?page=my_plugin-event-video-assoc&event_post_id=123

I've properly set up my code so that I have my desired code running to handle that URL request, but get_query_var always returns NULL:

$event_post_id = get_query_var('event_post_id', NULL);
var_dump($event_post_id); // this is always NULL

Having read the docs on custom query vars, I have tried add_filter in my plugin's primary PHP file:

function myco_query_vars( $qvars ) {
    $qvars[] = 'event_post_id';
    return $qvars;
}
add_filter( 'query_vars', 'myco_query_vars' );

But, even though this is the first thing my plugin does, this doesn't help and get_query_var still returns NULL. I have also tried moving that add_filter code to various other spots but it doesn't make any difference where I put it. Do I need to run that code in some kind of WP hook?

I can extract event_post_id from superglobal $_GET['event_post_id'] but I'd like my code to observe WP best practices. To be honest, I don't understand the reason for this peculiar aspect of WordPress. I fail to see how it provides any security at all because it doesn't validate anything.

Can anyone tell me what is considered best practice for working with custom query string values in WordPress? If this is to use get_query_var, please help me fix my code so that function returns my variable.

asked Nov 18, 2021 at 18:05 by S. Imp
  • 1 Did you try the native PHP way to access query parameters? $event_id = filter_input( INPUT_GET, 'event_post_id', FILTER_VALIDATE_INT ). – fuxia Commented Nov 18, 2021 at 19:43
  • I hadn't seen filter_input used so compactly before, but am well aware of using $_GET, and quite accustomed to using preg_match to validate incoming data. Half of my question is about WordPress best practices -- i.e., what is the recommended or customary way of doing it. To be honest, the get_query_vars and add_filter stuff looks clunky to me. – S. Imp Commented Nov 18, 2021 at 19:49

1 Answer

You get the exact unchanged value with:

$event_id = filter_input( INPUT_GET, 'event_post_id', FILTER_VALIDATE_INT );

Here I added the validation filter directly, but you can even move that to separate code for more complex cases.

WordPress’ query variable handling is for cases in which you want to allow changes to the values before they reach your code.

"Best practice" is quite a loaded expression, that's why we often shy away from that label. :)
Write code you and someone else (=future you) can maintain and understand.

If there is a fast and readable PHP way, use that. filter_input() gives you the variable as sent by the client, and no matter what WP does, it will always stay the same. The super globals $_GET, $_POST and so on are writable, you can't trust them.
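
The filter_input() approach from the answer above, placed in the plugin's admin page callback, as an added example that is not part of the original answer. The function names and the 'my_plugin' text domain are assumptions, and the code runs inside WordPress. It separates a missing parameter (null) from an invalid one (false) and then checks that the current user may edit the referenced post, since a well-formed ID is not an authorised one.

```php
<?php
// Added example; myco_read_event_post_id() and
// myco_render_event_video_assoc_page() are hypothetical names.

/**
 * Read event_post_id from the query string as sent by the client.
 *
 * @return int|false|null int for a valid ID, false if present but not a
 *                        positive integer, null if the parameter is absent.
 */
function myco_read_event_post_id() {
    return filter_input(
        INPUT_GET,
        'event_post_id',
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1 ) ) // reject 0 and negatives
    );
}

/** Callback for admin.php?page=my_plugin-event-video-assoc */
function myco_render_event_video_assoc_page() {
    $event_post_id = myco_read_event_post_id();

    if ( null === $event_post_id ) {
        wp_die( esc_html__( 'Missing event_post_id.', 'my_plugin' ), '', array( 'response' => 400 ) );
    }
    if ( false === $event_post_id ) {
        wp_die( esc_html__( 'event_post_id must be a positive integer.', 'my_plugin' ), '', array( 'response' => 400 ) );
    }

    // Validation only proves the value is an integer. Confirm the post
    // exists and that this user is allowed to modify it.
    if ( ! get_post( $event_post_id ) || ! current_user_can( 'edit_post', $event_post_id ) ) {
        wp_die( esc_html__( 'You are not allowed to edit this event.', 'my_plugin' ), '', array( 'response' => 403 ) );
    }

    // Escape on output even though the value is already an integer.
    printf( '<h1>%s</h1>', esc_html( sprintf( 'Videos for event #%d', $event_post_id ) ) );
}
```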
