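The proper way to do that is using filter_input(). Here is an example for using a custom sanitize function:

    // Read ?tab=... from the query string and pass it through esc_html().
    $tab = filter_input(
        INPUT_GET,
        'tab',
        FILTER_CALLBACK,
        ['options' => 'esc_html']
    );
    // Fall back to the default tab when the parameter is missing or empty.
    $tab = $tab ?: 'front_page_options';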
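
The same FILTER_CALLBACK pattern with an allow-list callback instead of an escaping function, as an added example that is not part of the original answer. It uses filter_var() so it runs from the PHP CLI on constructed inputs; the tab names other than 'front_page_options' and the helpers allow_known_tab() and resolve_tab() are hypothetical.

```php
<?php
// Added example: validate a "tab" parameter against a fixed allow-list.
// Tab names (except the default) and helper names are hypothetical.

const ALLOWED_TABS = ['front_page_options', 'header_options', 'footer_options'];
const DEFAULT_TAB  = 'front_page_options';

/**
 * Callback for FILTER_CALLBACK: return the value only when it is exactly
 * one of the known tab names, otherwise null.
 */
function allow_known_tab($value)
{
    // Strict comparison: no type juggling, no case folding, no trimming.
    return (is_string($value) && in_array($value, ALLOWED_TABS, true))
        ? $value
        : null;
}

/**
 * Resolve a raw parameter value to a tab name that is safe to branch on.
 * In a request handler the equivalent call is:
 *   filter_input(INPUT_GET, 'tab', FILTER_CALLBACK, ['options' => 'allow_known_tab'])
 */
function resolve_tab($raw)
{
    $tab = filter_var($raw, FILTER_CALLBACK, ['options' => 'allow_known_tab']);

    // Anything the callback rejected (or a missing parameter) gets the default.
    return is_string($tab) ? $tab : DEFAULT_TAB;
}

// Constructed sample inputs: one valid tab, markup, empty, wrong case.
$samples = ['header_options', '"><b>x</b>', '', 'HEADER_OPTIONS'];

foreach ($samples as $raw) {
    printf("%-18s => %s\n", var_export($raw, true), resolve_tab($raw));
}
```

Because the result can only be one of the listed names, it can be used to select a settings page directly; it should still be escaped with the function matching the output context when printed.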