Data Validation, dynamically generated fields (select for example)

As long as you do not allow anyone to edit/add new countries to your list I don’t see any problems. The content of $ctry_code_sel is only controlled/modified by you.

If, on the other hand, you allow users to modify any data you use to generate the select, you should use escaping methods directly during generation, not after the HTML for the select is finished.

And as you are using a country list, maybe this could also be helpful for you: https://github.com/umpirsky/country-list/

Related Posts:

  1. How to store username and password to API in wordpress option DB?
  2. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  3. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  4. Nonces can be reused multiple times? Bug / Security issue?
  5. Can someone explain what wp_session_tokens are, and what are they used for?
  6. WordPress and PHP Sessions – Security and Performance
  7. What is the difference between esc_html and wp_filter_nohtml_kses?
  8. Nonce in settings API with tabbed navigation
  9. Log in from one wordpress website to another wordpress website
  10. Escaping built-in WP function return strings
  11. What is the difference between strip_tags and wp_filter_nohtml_kses?
  12. WP Cron doesn’t save or in post body
  13. WordPress restrict plugin file direct access
  14. Plugin development: is adding empty index.php files necessary?
  15. Confusion on WP Nonce usage in my Plugin
  16. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  17. Correct way check nonce (security) using old Options API
  18. Why do I need to check if wp_nonce_field() exists before using it
  19. Is there any way to check for user login and send him to login?
  20. WordPress security issue to output data from user input from theme option form
  21. Verify if user is wordpress logged in from another app since wordpress 4.0
  22. Secure Pages Best Practice
  23. Securing/Escaping Output of file content – reading via fread() in PHP
  24. best way to make a WordPresss multisite that is secure but at the same time supporting my plugin development efforts
  25. Video Security just like facebook [closed]
  26. Is disabling test_form in wp_handle_upload a security concern?
  27. How to connect my wordpress plugin to a remote database securely?
  28. wp_nonce_field displaying twice
  29. Is it necessary to do validation again when retrieving data from database?
  30. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  31. How do I have now a duplicated user entry if this is not allowed (and I cannot replicate it)?
  32. add_submenu_page hooked function must explicitly check user capabilities – why?
  33. Are there any security risks when submitting data-attribute data through AJAX?
  34. Why would you use esc_attr() on internal functions?
  35. Is it possible to use WP-CLI in a plugin (or theme)?
  36. Secruity Questions on a timer
  37. Using HTML links within translatable string
  38. How can I save a password securely as a settings field
  39. Using password protection to load different page elements?
  40. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  41. How to store sensitive user data (passwords)
  42. How do I make secure API calls from my WordPress plugin?
  43. esc_attr() on hard coded string
  44. how to add security questions on wp-registration page and validate it
  45. Experts opinions needed: How (in)secure is this approach?
  46. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  47. esc_url, esc_url_raw or sanitize_url?
  48. Objective Best Practices for Plugin Development? [closed]
  49. add_menu_page() with different name for first submenu item
  50. Autoloading & Namespaces in WordPress Plugins & Themes: Can it Work?
  51. How to include PHP files in plugins the correct way
  52. How can I add an image upload field directly to a custom write panel?
  53. A tool to analyze rewrite rules? [closed]
  54. Difference Between Filter and Action Hooks?
  55. framework for plugin/theme options panel? [closed]
  56. Creating a table in the admin-style?
  57. How can you check if you are in a particular page in the WP Admin section? For example how can I check if I am in the Users > Your Profile page?
  58. Settings API with arrays example
  59. How to get the path to the current theme?
  60. How to make a plugin require another plugin?
  61. ajaxurl not defined on front end
  62. What process do you use for WordPress development? [closed]
  63. What’s the difference between term_id and term_taxonomy_id
  64. Should I use wpdb prepare?
  65. Why does WordPress use outdated jQuery v1.12.4?
  66. Post meta vs separate database tables
  67. Is there any plugin development framework
  68. Is it possible to reuse wp.media.editor Modal for dialogs other than media
  69. How to add a javascript snippet to the footer that requires jQuery
  70. Enhance Media Manager for Gallery
  71. How do I create a custom role capability?
  72. How do I add CSS options to my plugin without using inline styles?
  73. How do i best handle custom plugin page actions?
  74. Adding Custom Text Patterns in the WP 4.5 Visual Editor
  75. Automatically determine minimum WordPress version required for a plugin?
  76. What is the advantage of using wp_mail?
  77. How to make a WordPress plugin translation ready?
  78. How many times will this code run? (or, how rich is grandma?)
  79. How to create an API for my plugin?
  80. Is it ever okay to include inline CSS in plugins?
  81. Plugins in symlinked directories?
  82. How to override existing plugin action with new action
  83. How to include a file using get_template_part() in a plugin?
  84. Add custom TinyMCE 4 Button, Usable since WordPress 3.9-beta1
  85. body_class hook for admin pages
  86. “Error: Options Page Not Found” on Settings Page Submission for an OOP Plugin
  87. Is it mandatory to use $wpdb->prefix in custom tables
  88. Which hook should be used to add an action containing a redirect?
  89. add_action hook for completely new post?
  90. Why does WordPress add 0 (zero) to an Ajax response?
  91. What should I use instead of WP_CONTENT_DIR and WP_PLUGIN_DIR?
  92. How to enqueue JavaScripts in a plugin
  93. Plugin Form Submission Best Practice
  94. How to redirect to settings page once the plugin is activated?
  95. Is get_option function cached?
  96. Should Plugin Folders Include a Blank index.php File?
  97. Unit testing for plugin development
  98. Methods of Integrating Plugin Data with Themes
  99. What are the common security flaws I need to look for? [closed]
  100. What is the wordpress wp-includes folder for?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)