I know when I want to save data in database, I must sanitize data but what about following case which is a simple comparison. Should I sanitize?

if ( ! isset( $_GET['page'] ) ) {
        return;
}

if ( 'google' === $_GET['page'] ) {
    wp_redirect( '' );
    exit;
}

if ( 'facebook' === $_GET['page'] ) {
    wp_redirect( '' );
    exit;
}

I know when I want to save data in database, I must sanitize data but what about following case which is a simple comparison. Should I sanitize?

if ( ! isset( $_GET['page'] ) ) {
        return;
}

if ( 'google' === $_GET['page'] ) {
    wp_redirect( 'https://google' );
    exit;
}

if ( 'facebook' === $_GET['page'] ) {
    wp_redirect( 'https://facebook' );
    exit;
}

• plugins
• plugin-development
• sanitization

Share Improve this question asked May 27, 2019 at 3:08 user3631047user3631047 17311 silver badge77 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

No, it's not necessary to sanitise in this case.

If you were redirecting to the value directly, or outputting it in some way, you would definitely need to, but since you're just comparing its value against a white list (essentially) no sanitising or escaping is necessary.