No you don’t need esc_attr() function to print out fixed static text.
You only need it to print out dynamic or generated text, so that if the attributes have any special characters that may break your HTML, esc_attr will escape that properly.
In your particular case, you can just write:
echo '<label><input type="checkbox" id="custom_header" name="custom_header" value="1" '. $checked .'> Activate Custom Header</label>';
However, if you had any generated or user input text, then you should’ve used esc_attr(). For example:
$style = "__Some generated text from database or user input__";
echo '<label><input type="checkbox" id="custom_header" name="custom_header" value="1" '. $checked .' style="' . esc_attr($style) . '"> Activate Custom Header</label>';
Related Posts:
- Enforcing password complexity
- Permanently remove first image from posts
- Set the transport of the Customizer ‘header_image’ core setting to ‘postMessage’
- Renaming wp-content folder dynamically
- How do I create a WP user outside of WordPress and auto login?
- Is it unsafe to put php in the /wp-content/uploads directory?
- Twitter feed is showing blank in WP site [closed]
- Design view breaking on Pages
- Passing array in add_option()
- Create a quick start wordpress installation [closed]
- How should I best target dynamically served content?
- Changing the template hierarchy
- How to Insert Shortcodes into Theme?
- Warning: Use of undefined constant HTTP_USER_AGENT – assumed ‘HTTP_USER_AGENT’ (this will throw an Error in a future version of PHP)
- Evaluations of two wordpress security plans against php code injection attack
- Set WordPress Default Template
- Custom Theme, Custom shortcode not working
- WordPress custom login form using Ajax
- Adding custom directory and PHP files in wordpress
- Where in PHP do I move title and meta (date) to bottom of each blog section?
- Show full posts in archive
- Detect session/cookie variable in wordpress to prevent access to documents
- SQL Injection blocked by firewall
- How to prevent XSS alter custom global javascript object & methods in WordPress
- Connect WordPress with SharePoint [closed]
- adding custom user input fields in WordPress admin dashboard gives error The link you followed has expired. Please try again
- Move category description below post list in blog
- Customizer: active_callback and sanitize_callback incompatibility?
- Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
- 404 error when I acess the second page of post-type
- proper way to add css using functions.php?
- Correct and safe way to include php content in my page
- What does this mean in wordpress? Easy question
- Showing latest post without 301 redirect
- Translate wordpress date from Italian to English
- Why am I getting a different filename? And how does WordPress load singular.php for both Page & Post? (Fresh WordPress installation)
- How to add API security keys into JS of wordpress securely
- Hardening uploads folder in IIS breaks images
- WordPress Customizer Default Image
- Do I have anything to worry about when switching to a default theme to test for plugin conflictions?
- How to integrate noimage picture in this code
- Need oop for wordpress theme? [duplicate]
- Security updates to 3.3.2
- How to add the sidebar to all the pages except the home page? [closed]
- Save Custom CSS file in the upload folder dynamically?
- Warning: printf(): Too few arguments in helpers.php file
- Decoded malware code [closed]
- WordPress and PHP Version Upgrade issue [closed]
- home.php show blog posts as grid view
- Amend theme php to include certain category in header
- Override index with a custom PHP page
- Updating From Mobile App – Exposing Site to Hacking
- Randomize Color Scheme Selection in Theme
- Accidentally deleted php code in WordPress website [closed]
- How can I assign separate stylesheets to different pages?
- How to make sure relative URL works when site is not on root domain?
- Is there a (offical) way for a theme to deactivate itself and show a message in admin?
- Wrap title and excerpt in a div (latest posts block)
- how to get wordpress page url php code [duplicate]
- How to put search bar & logo in the “primary navigation” storefront theme?
- Dynamically switch file in get_template_directory_uri() | Function [closed]
- I am having issue in divi woocomerce checkout module. (DIVI theme)
- Not able to remove caption shortcode from the content
- remove_action from parent theme using child theme functions.php
- Commenting requires wordpress login, wordpress discussion and post comments tick boxes are checked
- Conditional Banners
- The style.php file inside theme-engine folder has other content on FTP
- How to override theme’s public static function inside of a trait?
- $.ajax results in 403 forbidden
- How to Change Site Elements based on referring URL
- how to use 2 index.php file One for mobile and one for desktop
- PHP Error in WordPress Theme
- loop to return tags in woocommerce in alphabetical order?
- need to edit php file of child theme to remove an element
- How to add Open/Close Toggle button into Twenty Fifteen theme for hiding left sidebar?
- Use Custiomizer to setup meta theme color tag
- Retrieve $_POST data to send to javascript without using localize script
- Rotating Header Images
- Custom Theme, Editor won’t wrap text (i.e. change width)
- What is the best practice for restricting a section to logged in users?
- Editted Theme Files Get Updated/Reverted Every So Often
- WordPress pagination broken on blog page, working for search results page
- two wordpress sites, two themes, one database, same content
- calling a function from a class in your template
- Showing custom field contents without listing description
- Hide cart when empty [closed]
- WP Knowledge Base Theme bug – Subcategories and Articles, Need to change WP_Query
- Inserting A Feed and Sidebar into an HTML Page
- how to register a second page-template
- Gallery requires a featured image but does not show it in posts/pages
- How to quickly/easily make an analysis (reverse engineering) of WordPress?
- Link a lightbox thumbnail to a post instead of opening the lightbox
- what to do after instlling cyberpanel on VPS
- Using Featured Image as Hero Background in Word Press
- Font Awesome Icons as squares [closed]
- What is considered good practice for registering menu locations?
- WordPress theme requires PHP v >=8.1 – How to a dd different PHP version to docker-composer
- The theme doesn’t load css and JS files doesn’t load in functions.php
- Upgraded php & wordpress but theme broke
- Woocommerce Select Option Popup [closed]