add category id to option name when adding an option on edit_category

There are 4 problems a small one, a security problem, a misunderstanding, and a big problem.

The Small Problem

Because you used [] notation in the name you’ve indicated that there are multiple category_meta_ values:

category_meta_[<?php echo $cat->term_id ?>]

Which means $_POST['category_meta_'] will always be an array.

It would be much easier to append the term ID, or remove it entirely than it would be to wrap it in [] characters.

The Security Problem

This is not good:

esc_attr_e( $category_meta[ $cat->term_id ] )

I can give you points for escaping, but this code is the same as:

echo esc_attr( __( $category_meta[ $cat->term_id ] ) );

Which commits a major mistake of passing dynamic data into a static string localisation API. Never pass dynamic strings into __( type functions, be it directly or indirectly. echo esc_attr should have been used.

The Misunderstanding

This:

if ( ... && !update_option(...) )
    add_option(...);

Works the same as this:

if ( ! ... ) {
    return;
}
update_option(...)

update_ type functions will add the option/meta/etc if it doesn’t exist

The Biggest Problem

You’ve reinvented term meta. There’s already an API for this!!!!!

  • get_term_meta
  • add_term_meta
  • update_term_meta
  • delete_term_meta

This code is much more reliable and avoids several problems you didn’t realise:

add_action( 'category_edit_form_fields', 'display_category_title_field' );
add_action( 'edit_category', 'save_category_title_field' );

function display_category_title_field( \WP_Term $cat ) : void {
    $title = get_term_meta( $cat->term_id, 'title', true );
    ?>
    <tr class="form-field">
        <th scope="row" valign="top">
            <label for="category-title"><?php esc_html_e( 'Title' ); ?></label>
        </th>
        <td>
            <input id="category-title" name="category-title"
            value="<?php echo esc_attr( $title ); ?>" />
        </td>
    </tr>
    <?php
}

function save_category_title_field( int $term_id ) : void {
    if ( ! isset( $_POST['category-title'] ) ) {
        return;
    }
    $title = sanitize_text_field( $_POST['category-title'] );
    update_term_meta( $term_id, 'title', $title );
}
  • when the category is deleted you aren’t left with phantom options, term meta gets cleaned up
  • We’re now sanitising our inputs
  • no more arrays and serialised data, it stores a plain string
  • when WP fetches a term it grabs all the term meta at the same time saving on queries
  • if you’d used this system with enough terms you would have made every page load very slow from auto-loading all those options
  • grabbing the value is much easier now get_term_meta( $cat_id, 'title', true );
  • The data is now accessible via WP CLI wp term meta commands
  • If you register the meta it can even show up in REST API requests for use with AJAX/JS

A final note, terms already have a title/name, and you’ve chosen super generic name for your fields/functions/etc. Prefix your values so they’re unique to you, e.g. gurky_title instead of title. And maybe name them term titles rather than category titles? That way if you decide to use them for tags etc you don’t have to rewrite half your code

Related Posts:

  1. How to include PHP files in plugins the correct way
  2. How Do I Use jQuery UI In My Plugin
  3. Checking if a file is already in the Media Library
  4. Prevent network activation of plugin
  5. How to implement add_image_size in a plugin
  6. Add Custom User Capabilities Before or After the Custom User Role has Been Added?
  7. Get list of scripts / styles and show file which enqueued them
  8. WordPress updates defined vs add_filter?
  9. How to make dynamically-generated content searchable in WordPress?
  10. Nav Menu meta failing to import
  11. How can I track active users of my plugin? and why doesn’t WordPress.Org offer this?
  12. Custom attachments uploader code. Almost there!
  13. $wpdb->insert is changing a value
  14. What are the default WordPress password requirements?
  15. Can I get all options using the option group id? [closed]
  16. Actions or filters fired when data is saved in a custom table
  17. ERROR: Options page not found – saving settings page with tabs
  18. The plugin generated 80 characters of unexpected output!
  19. How to update/auto-update my private plugin? [duplicate]
  20. How to use WP default post list tables in a plugin?
  21. What’s the Right Way to get and save remote data for a Gutenberg block?
  22. Is there a need to do apply_filter(‘widget_title’, $instance[‘title’]) or any other ‘widget_xxx’ filters?
  23. Passing array of strings to a SQL statement in a WordPress plugin
  24. Add multiple shipping rates from add_rate function with custom ID
  25. Filter, or any way to dynamically change theme screenshot image?
  26. Sidebar widget to show popular post not working?
  27. WP_Query returns no results
  28. On Plugin Activation, How Do I Check for Proper Transport Mechanism?
  29. Show add_meta_box by selecting a specific category
  30. Can a plugin be used to contain all custom functions to extend other plugins
  31. How to render a time-of-day string like ’16:42′ with a site’s chosen time format?
  32. Are block templates incompatible with serialize_blocks?
  33. ServerSideRender and Media Object: attributes passing image data object to php renderer even though it’s not set
  34. Programmatically modify an admin page UI of a WordPress site from my WordPress plugin
  35. Will setcookie work if there is a cache plugin installed?
  36. Adding settings link to plugin doesn’t work
  37. Check Paypal Purchase is Success or Not in Easy Digital Download Plugin
  38. Render content after post title in wp-admin
  39. Error on inserting a form value to database
  40. Is it possible to install a theme via a plugin?
  41. Form doesnt save to database
  42. Wp_list_table search box not working for custom value from database
  43. Notice: Trying to get property ‘term_id’ of non-object
  44. Append wp_editor to Dynamically created textarea
  45. javascript datatables in a plugin
  46. Is using custom table to suit business needs instead of transients a big hit to page load speed?
  47. How to add user details to different tables immediately after user registration
  48. How to change the column label in screen options for a custom column?
  49. include php file if page_id matches
  50. captcha not working in my custom plugin
  51. Optimising a big WordPress site
  52. How do I link to a php file in my plugin directory?
  53. Why wp_die() doesn’t work with wp_redirect but exit() works
  54. Is it possible to abort post update if specific conditions on metadata are met?
  55. Remove entire [$key] from array stored in custom field using Ajax – unset($array[$key]); not working
  56. How to create a page with a form programmatically in WP?
  57. Category select options for plugin settings
  58. why do I have to use required parametres?
  59. Plugin header: WP and PHP version control uses wp_die(), can I change that?
  60. Completely isolate a plugin view so it doesn’t load the theme
  61. Does is_admin() really provide a plugin performance improvement?
  62. Enqueueing common php scripts in a plugin
  63. plugin content on front-page only. Nowhere else
  64. get_avatar filter in WordPress 4.4, how to filter properly
  65. How can I save a password securely as a settings field
  66. How to make a cronjob type plugin
  67. How to localize data array in plugin’s option page
  68. Changing permalink structure breaks link to .php file which generates files dynamically
  69. Decontruct serialized data array from wp_options
  70. Upload product image from frontside for administrator only
  71. $wpbd->insert_id is returning null
  72. Why does theme’s reset CSS have higher precedence of plugin’s CSS?
  73. How to get inserted row IDs for bulk/batch insert with wpdb query?
  74. Redirect WooCommerce checkout to cart
  75. Plugin Activation Causes wp_register errors
  76. BuddyPress and namespacing
  77. How to get values from Tinymce visual editor popup?
  78. How to debug new shortcode? And how to get string from shortcode into code?
  79. Ajax call not working with
  80. plugin modal/popup integration best practice
  81. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  82. From my Plugin Settings Page use check boxes to load specific css files (e.g. Bootstrap / Foundation)
  83. how to display my WordPress plugin on a chosen page?
  84. Sessions in plugin development?
  85. Is it possible to make WordPress as a RESTful app?
  86. List all content by post type
  87. Best Way to Grab Post ID from Plugin
  88. How to set/change another post author by custom fields or something else?
  89. Fatal error: Call to a member function query() on a non-object in my ajaxpage
  90. How to inject html to every page with a plugin?
  91. Custom plugin not appearing
  92. Gutenberg’s Popover component position relative to the focused element
  93. How to replace plugin icon?
  94. How to change the headline title for an admin page in a plugin?
  95. Cannot update plugin
  96. Add a custom image source
  97. How can I chanage the user for the composer container in wp-env?
  98. Adding a navigation with wp_nav_menu() to a custom block in the site editor
  99. Why isn’t custom sidebar panel not showing up in the Gutenberg Editor?
  100. Ninja Forms: Front-End Forms, Post ID?