admin管理员组文章数量:1325720
I submitted a plugin to wordpress and I got a feedback that I have to escape this one
$active_tab = isset( $_GET[ 'tab' ] ) ? $_GET[ 'tab' ] : 'front_page_options';
If I do like
$get_the_param = esc_html($_GET[ 'tab' ] );
$active_tab = isset( $get_the_param ) ? $get_the_param : 'front_page_options';
Seems to work but as isset ( Cannot use isset() on the result of an expression ) as $_GET is not set it will throw a notice? What can be the possible solution?
Thanks
I submitted a plugin to wordpress and I got a feedback that I have to escape this one
$active_tab = isset( $_GET[ 'tab' ] ) ? $_GET[ 'tab' ] : 'front_page_options';
If I do like
$get_the_param = esc_html($_GET[ 'tab' ] );
$active_tab = isset( $get_the_param ) ? $get_the_param : 'front_page_options';
Seems to work but as isset ( Cannot use isset() on the result of an expression ) as $_GET is not set it will throw a notice? What can be the possible solution?
Thanks
Share Improve this question asked Aug 11, 2020 at 18:51 user145078user145078 5 |1 Answer
Reset to default 2The proper way to do that is using filter_input(). Here is an example for using a custom sanitize function:
$tab = filter_input(
INPUT_GET,
'tab',
FILTER_CALLBACK,
['options' => 'esc_html']
);
$tab = $tab ?: 'front_page_options';
本文标签: sanitizationHow to escape GET and check if isset
版权声明:本文标题:sanitization - How to escape $_GET and check if isset? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742194617a2430846.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
empty()instead ofisset()to check if$_GET['tab']had anything in it? – mozboz Commented Aug 11, 2020 at 19:05esc_html($_GET[ 'tab' ] );this will throw error even before that – user145078 Commented Aug 11, 2020 at 19:16