How to escape $_GET and check if isset?

The proper way to do that is using filter_input(). Here is an example for using a custom sanitize function:

$tab = filter_input(
    INPUT_GET, 
    'tab', 
    FILTER_CALLBACK, 
    ['options' => 'esc_html']
);

$tab = $tab ?: 'front_page_options';

Related Posts:

  1. Should I sanitize an email address before passing it to the is_email() function?
  2. Escaping and sanitizing SVGs in metabox textarea
  3. What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
  4. Reason for Lowercase usernames
  5. What is the best way to sanitize data?
  6. Should nonce be sanitized?
  7. esc_url removes white space. Can I change that to using ‘-‘?
  8. WP Coding standards – escaping the inescapable?
  9. Sanitatizing when using the posts_where hook
  10. Escape hexadecimals/rgba values
  11. Must I serialize/sanitize/escape array data before using set_transient?
  12. Echo JavaScript Safely
  13. wp_kses ignore allowed and allow everything
  14. Sanitize array callback for the WordPress Settings API
  15. What’s a safe / good way to output HTML safely within WordPress templates?
  16. Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
  17. Sanitizing output that contains quotes?
  18. WP_Customize_Manager: How to get control ID
  19. How to use wp_filter_oembed_result?
  20. Sanitization html output itself
  21. Post text sanitization after publishing/editing – changes are not saved
  22. wp_set_object_terms() without accents
  23. Escaping data from database (users table) is necessary?
  24. Properly sanitize an input field “Name “
  25. What is the proper way to sanitize $_POST and $_GET vars?
  26. Why is sanitize_text_field() selectively trimming data?
  27. what is a good method to sanitize the whole $_POST array in php?
  28. Data sanitization: Best Practices with code examples
  29. How safe / sanitized is wp_insert_posts()?
  30. How to safely sanitize a textarea which takes full HTML input
  31. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  32. What’s the difference between esc_* functions?
  33. is_email() VS sanitize_email()
  34. What is the difference between esc_html and wp_filter_nohtml_kses?
  35. How to escape custom css?
  36. Escaping quotes from shortcode attributes
  37. Sanitation needed for WP_Query or get_posts calls?
  38. How to allow HTML tags into WP Bakery (formerly Visual Composer) `textfield` parameter
  39. Do Cookies Need to be Sanatized Before Being Saved?
  40. Default WordPress settings API data sanitization
  41. What is the difference between strip_tags and wp_filter_nohtml_kses?
  42. Should I sanitize custom post meta if it is going to be escaped later?
  43. How to display data from custom table in wordpress database?
  44. Remove tinyMCE from admin and replace with textarea
  45. wp_sanitize_redirect strips out @ signs (even from parameters) — why?
  46. array_map() for sanitizing $_POST
  47. Correct processing of `$_POST`, following WordPress Coding Standards
  48. I’m confused about URL sanitization in meta boxes
  49. why is esc_html() returning nothing given a string containing a high-bit character?
  50. How Could I sanitize the receive data from this code
  51. Who is responsible for data sanitization in WordPress development?
  52. Settings API – sanitize_callback is not called and it leads to an incorrect behavior
  53. Best Practice for Validating and Sanitizing Data
  54. Storing HTML in wp_options
  55. What is the proper way to validate and sanitize JSON response from REST API?
  56. MITM risk of not sanitizing?
  57. Which escape function to use when escaping an email or plain text?
  58. Modify automatically generation of slug when term is created
  59. Can i use the same sanitize function on multiple theme mod textboxes?
  60. What function removes apostrophes when making a slug?
  61. How to sanitize uploaded file filename from a plugin?
  62. Is wp_kses the right approach in sanitizing this string?
  63. Seeking clarity on data sanitization fields for settings textarea
  64. Customizer: Category Select Sanitize
  65. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  66. How to use sanitize_callback?
  67. Theme Customizier sanitize_callback not working
  68. Change wp_sanitize function?
  69. Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
  70. What’s the proper way to sanitize checkbox value sent to the database
  71. How to escape html generate by a loop
  72. confused about sanitize_email after is_email [duplicate]
  73. Trouble creating custom sanitization function for user list dropdown
  74. Output Sanitation
  75. Invalidate username if it contains @ symbol
  76. Contact Form Security
  77. How to allow certain PHP functions when using sanitize_callback in the word press customizer
  78. Display the line breaks in user bio without using html
  79. Change user nicename without sanitize
  80. Sanitize $_GET variable when comparing
  81. HTML in category name
  82. How can I apply custom sanitization to new usernames?
  83. How do I sanitize the str_replace function in javascript variables
  84. Sanitizing textarea for wp_insert_post with TinyMCE enabled or disabled
  85. Safely store code(html/js..) into database
  86. Sanitaizing Select Optin For Custom Post Type Metabox in WP
  87. settings api and the data passed in the parameter
  88. HTML Img with data:image src gets sanitized in admin?
  89. Do I need to sanitize $_POST[‘keyword’] before send to ‘s’ parameter?
  90. Where is the HTML-handler part in the wpdb class?
  91. Can we validate data from jquery
  92. Custom-Metaboxes-and-Fields text_url field prepending http://
  93. Data validation for inline javascript
  94. Sanitize and Save metabox values
  95. How to return responsive images from a sanitize_callback?
  96. esc_url, esc_url_raw or sanitize_url?
  97. how to sanitizing $_POST with the correct way?
  98. Does it make sense to sanitize the output of an SVG file?
  99. WooCommerce custom SVG coloring tool [closed]
  100. sanitize meta input