Data Validation, dynamically generated fields (select for example)

As long as you do not allow anyone to edit/add new countries to your list I don’t see any problems. The content of $ctry_code_sel is only controlled/modified by you.

If, on the other hand, you allow users to modify any data you use to generate the select, you should use escaping methods directly during generation, not after the HTML for the select is finished.

And as you are using a country list, maybe this could also be helpful for you: https://github.com/umpirsky/country-list/

Related Posts:

  1. How to store username and password to API in wordpress option DB?
  2. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  3. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  4. Nonces can be reused multiple times? Bug / Security issue?
  5. Can someone explain what wp_session_tokens are, and what are they used for?
  6. WordPress and PHP Sessions – Security and Performance
  7. What is the difference between esc_html and wp_filter_nohtml_kses?
  8. Nonce in settings API with tabbed navigation
  9. Log in from one wordpress website to another wordpress website
  10. Escaping built-in WP function return strings
  11. What is the difference between strip_tags and wp_filter_nohtml_kses?
  12. WP Cron doesn’t save or in post body
  13. WordPress restrict plugin file direct access
  14. Plugin development: is adding empty index.php files necessary?
  15. Confusion on WP Nonce usage in my Plugin
  16. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  17. Correct way check nonce (security) using old Options API
  18. Why do I need to check if wp_nonce_field() exists before using it
  19. Is there any way to check for user login and send him to login?
  20. WordPress security issue to output data from user input from theme option form
  21. Verify if user is wordpress logged in from another app since wordpress 4.0
  22. Secure Pages Best Practice
  23. Securing/Escaping Output of file content – reading via fread() in PHP
  24. best way to make a WordPresss multisite that is secure but at the same time supporting my plugin development efforts
  25. Video Security just like facebook [closed]
  26. Is disabling test_form in wp_handle_upload a security concern?
  27. How to connect my wordpress plugin to a remote database securely?
  28. wp_nonce_field displaying twice
  29. Is it necessary to do validation again when retrieving data from database?
  30. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  31. How do I have now a duplicated user entry if this is not allowed (and I cannot replicate it)?
  32. add_submenu_page hooked function must explicitly check user capabilities – why?
  33. Are there any security risks when submitting data-attribute data through AJAX?
  34. Why would you use esc_attr() on internal functions?
  35. Is it possible to use WP-CLI in a plugin (or theme)?
  36. Secruity Questions on a timer
  37. Using HTML links within translatable string
  38. How can I save a password securely as a settings field
  39. Using password protection to load different page elements?
  40. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  41. How to store sensitive user data (passwords)
  42. How do I make secure API calls from my WordPress plugin?
  43. esc_attr() on hard coded string
  44. how to add security questions on wp-registration page and validate it
  45. Experts opinions needed: How (in)secure is this approach?
  46. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  47. esc_url, esc_url_raw or sanitize_url?
  48. How to debug a plugin with Xdebug?
  49. Is there widely accepted phpDoc syntax for documenting which hook calls a function?
  50. How to iterate through custom posts and add the title to an array
  51. How to Structure a New Role/Capability Scheme?
  52. How to create Image gallery Metabox in wordpress [closed]
  53. Is it possible to create an action hook using do_action() within add_action()?
  54. WordPress 2.8 Widget API is suitable for Worpress 3.1.4 plugins development?
  55. Need specific kind of “Poll Voting” for WordPress [closed]
  56. Install widget on plugin activation
  57. Plugin admin page meta_box toggle and order state not saving
  58. Is there a better way to implement responsive images than what WordPress uses by default?
  59. Prevent Javascript Facebook SDK Conflicts in plugin
  60. Integrating Stripe PHP library into a custom WordPress Plugin
  61. How to change the URL pattern for single post view
  62. Use WP_Theme::scandir function to scan a plugin directory. Is there a way?
  63. Plugin options not being saved or created
  64. Change the ‘published on’ text?
  65. How to get boolean value from register_meta properly?
  66. Gravity Forms Perks – Nested Forms
  67. Remove custom post type slug from URL and add taxonomy Slug
  68. How do I get the sub categories of the parent when in a sub category?
  69. custom permalink’s rewrite rule for page id
  70. AJAX form post returns 0
  71. Update custom plugin with WP-CLI
  72. Delete data from database using row action
  73. Update wordpress Core Remotely
  74. Proper way to use useSelect
  75. Access to apache logs from plugin
  76. Two different wordpress sites – same server and IP address. Gaining Access to database 1 of 2
  77. Translating plugin settings page – dropdown list
  78. Hide one specific woocoomerce product
  79. settings api – add_settings_section not working
  80. Remove Meta-boxes (Yoast SEO plugin) [duplicate]
  81. Can I use a custom post type as a custom taxonomy for a different custom post type?
  82. WooCommerce currency converter support [closed]
  83. wp_schedule_single_event is set correctly but sometimes not fired
  84. wp.media gallery collection sometimes undefined
  85. Pass Values in URL on WooCommerce Product Page
  86. Plugin Install Issue “-1” Appended to end of plugin name
  87. $ is not defined [duplicate]
  88. Add a custom submenu under submenu in a Custom WordPress Plugin
  89. Redirect theme directory to plugin theme directory
  90. How do WordPress plugins work with oAuth2 APIs?
  91. WordPress mails being sent from @locahost and being rejected
  92. How to implement pagination into a wpdb->result query?
  93. Slug is not shown for my custom post type
  94. wp_register_sidebar_widget in loop within a plugin?
  95. Adding parent custom post type menu option
  96. first_name property missing inside register_user action hook
  97. Plugin SVN folder structure
  98. Find Any Theme’s page.php File
  99. WP Job Manager – Show recent jobs as cards
  100. Admin Menu for New Post