plugins - Is Wrapping intval() Around esc_attr() Redundant for Escaping Input?

My gut tells me wrapping esc_attr() in intval() is redundant when it comes to escaping input, but I would like to double-check.

Also: considering that <option value="">- select no. -</option> is hardcoded/value is null, that chunk of input wouldn't need to be escaped, correct?

Here is my current code set-up:

        <select name="_number">
        <option value="">- select no. -</option>
            <?php
            $savedNo = intval( get_post_meta( $post->ID, '_number', true ) );
            for ($x = 1; $x <= 100; $x++) {
                echo '<option value="'
                    . intval(esc_attr($x)) . '"'
                    . ($x === $savedNo ? ' selected="selected"' : '' )
                    . '>'
                    . 'No. ' . intval(esc_attr($x))
                . '</option>';
            }
            ?>
        </select>

Thank you!


asked Jan 23, 2020 at 17:39 by gardinermichael, edited Jan 23, 2020 at 18:06

2 Answers

Based on the WordPress documentation for the esc_attr function, it returns a string value. So, if you need the integer value, you need to use the intval function. But when you want to display that value or put it as part of markup, it doesn't make sense.

Escape functions are useful for outputting and printing values. If you want to save a value in the database, the data type matters and you may need to use the intval function alongside sanitization.

In your case you don't need any of these functions on $x, because its values are created by the for loop and are safe.
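
An added example, not part of the original question or answer: the split the answer describes, with integer validation where `_number` is saved and read back, and plain loop integers in the markup. The function names and the nonce action and field name are hypothetical; the WordPress calls run only when WordPress is loaded, otherwise the script runs on constructed inputs.

```php
<?php
// Added example; function names and the nonce action/field are hypothetical.

// Accept only an integer from 1 to 100; anything else means "no selection".
function example_validate_number( $raw ) {
    $n = filter_var( $raw, FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1, 'max_range' => 100 ) ) );
    return ( false === $n ) ? null : $n;
}

// $x comes from the loop and $saved is a validated int or null, so neither
// needs esc_attr() or intval() when it is written into the markup.
function example_render_select( $saved ) {
    $html = '<select name="_number"><option value="">- select no. -</option>';
    for ( $x = 1; $x <= 100; $x++ ) {
        $html .= '<option value="' . $x . '"'
            . ( $x === $saved ? ' selected="selected"' : '' )
            . '>No. ' . $x . '</option>';
    }
    return $html . '</select>';
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: validate on save. Assumes the form also prints
    // wp_nonce_field( 'example_save_number', 'example_number_nonce' ).
    add_action( 'save_post', function ( $post_id ) {
        if ( ! isset( $_POST['_number'], $_POST['example_number_nonce'] )
            || ! wp_verify_nonce( $_POST['example_number_nonce'], 'example_save_number' )
            || ! current_user_can( 'edit_post', $post_id ) ) {
            return;
        }
        $n = example_validate_number( wp_unslash( $_POST['_number'] ) );
        if ( null === $n ) {
            delete_post_meta( $post_id, '_number' );
        } else {
            update_post_meta( $post_id, '_number', $n );
        }
    } );
} else {
    // Stand-alone run on constructed inputs (php example.php).
    foreach ( array( '42', '0', '101', '7" class="x', '' ) as $raw ) {
        var_dump( example_validate_number( $raw ) );
    }
    echo substr_count( example_render_select( 42 ), 'selected="selected"' ), "\n";
}
```

When rendering the meta box, the stored value can go through the same check before the comparison: `example_render_select( example_validate_number( get_post_meta( $post->ID, '_number', true ) ) )`.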

Posted by: admin. When reposting, please credit the source: http://www.yc00.com/questions/1744809159a4594961.html
