Is it necessary to sanitize $_POST values or cmb2 sanitize them for us?
Let's say I have a field:

    $cmb->add_field( array(
        'name' => __( 'Insert a number gt 100: ', 'testdomain' ),
        'id'   => 'submitted_value',
        'type' => 'text',
    ) );
Now I want to validate the user input, so I have this piece of code:

    // Read the submitted value once; unslash and sanitize it before using it anywhere.
    $submitted = isset( $_POST['submitted_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['submitted_value'] ) )
        : '';

    // First validate the submitted value (not the field's configured value).
    // "Greater than 100" means 100 itself must be rejected as well.
    if ( ! is_numeric( $submitted ) || $submitted <= 100 ) {
        // If validation failed do 2 things:
        // first keep the user entered value so that he can edit it (not losing it and typing it again)
        $cmb->get_field( 'submitted_value' )->args['attributes']['value'] = $submitted;
        // and lastly put an error and return:
        return $cmb->prop( 'submission_error', new WP_Error( 'post_data_missing', __( 'Please enter a number greater than 100', 'testdomain' ) ) );
    }
1: Do I need to sanitize $_POST['submitted_value'] before I put it inside the field value attribute? ($cmb->get_field('submitted_value')->args['attributes']['value'])
I think I should, and in this case I should use esc_attr().
2: All in all, is my solution for keeping the user input values after submitting the form OK, or is there a better way to do that?
Thanks a lot.
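The pattern the question is circling around, as an added example that is not the poster's code nor CMB2's own: sanitize on input, validate the meaning, and escape only when the value is printed into HTML. It assumes a WordPress runtime with CMB2 loaded, the field id 'submitted_value' and the threshold of 100 from the question; the function names prefixed `example_` are hypothetical.

```php
<?php
/**
 * Sanitize and validate the submitted number.
 * Returns the sanitized value on success, or a WP_Error on failure.
 */
function example_validate_submitted_value( array $post_data, $min = 100 ) {
    // Missing key: treat as empty instead of reading an undefined index.
    $raw = isset( $post_data['submitted_value'] ) ? $post_data['submitted_value'] : '';

    // wp_unslash() removes the slashes WordPress adds to $_POST;
    // sanitize_text_field() strips tags, invalid octets and stray whitespace.
    $clean = sanitize_text_field( wp_unslash( (string) $raw ) );

    // Validation is about meaning: it must be numeric and strictly greater than $min.
    if ( ! is_numeric( $clean ) || (float) $clean <= $min ) {
        return new WP_Error(
            'post_data_invalid',
            sprintf( __( 'Please enter a number greater than %d', 'testdomain' ), $min )
        );
    }
    return $clean;
}

/**
 * Form handler: on failure, re-populate the field with the *sanitized* input
 * (never the raw $_POST value) and hand the error back to CMB2.
 */
function example_handle_submission( $cmb ) {
    $result = example_validate_submitted_value( $_POST );

    if ( is_wp_error( $result ) ) {
        $field = $cmb->get_field( 'submitted_value' );
        $raw   = isset( $_POST['submitted_value'] ) ? $_POST['submitted_value'] : '';
        // Sanitized for storage/re-use; if your rendering path prints this
        // attribute itself, wrap it in esc_attr() at that point (output escaping).
        $field->args['attributes']['value'] = sanitize_text_field( wp_unslash( $raw ) );
        return $cmb->prop( 'submission_error', $result );
    }

    // $result now holds a validated, sanitized value safe to store.
    return $result;
}
```

Sanitizing (sanitize_text_field) and escaping (esc_attr) are different steps: the first cleans what comes in, the second protects the HTML context the value is written into.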