The proper way to do that is using filter_input()
. Here is an example for using a custom sanitize function:
$tab = filter_input(
INPUT_GET,
'tab',
FILTER_CALLBACK,
['options' => 'esc_html']
);
$tab = $tab ?: 'front_page_options';
Related Posts:
- Should I sanitize an email address before passing it to the is_email() function?
- Escaping and sanitizing SVGs in metabox textarea
- What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
- Reason for Lowercase usernames
- What is the best way to sanitize data?
- Should nonce be sanitized?
- esc_url removes white space. Can I change that to using ‘-‘?
- WP Coding standards – escaping the inescapable?
- Sanitatizing when using the posts_where hook
- Escape hexadecimals/rgba values
- Must I serialize/sanitize/escape array data before using set_transient?
- Echo JavaScript Safely
- wp_kses ignore allowed and allow everything
- Sanitize array callback for the WordPress Settings API
- What’s a safe / good way to output HTML safely within WordPress templates?
- Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
- Sanitizing output that contains quotes?
- WP_Customize_Manager: How to get control ID
- How to use wp_filter_oembed_result?
- Sanitization html output itself
- Post text sanitization after publishing/editing – changes are not saved
- wp_set_object_terms() without accents
- Escaping data from database (users table) is necessary?
- Properly sanitize an input field “Name “
- Is sanitize_title enough to generate post slugs?
- In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
- wordpress sanitize array?
- Should HTML output be passed through esc_html() AND wp_kses()?
- When to use esc_html and when to use sanitize_text_field?
- Sanitize and data validation with apply_filters() function
- Sanitize content from wp_editor
- Sanitize User Entered CSS
- Which KSES should be used and when?
- Settings API – sanitizing urls, email addresses and text
- Escaping WP_Query tax_query when term has special character(s)
- Does WordPress sanitize arguments to WP_Query?
- WP doesn’t show Array Custom Fields?
- Shortcode putting html such as
- How to properly sanitize strings without $wpdb->prepare?
- how to sanitize checkbox input?
- Sanitizing post content for use in an email
- Is there an equivalent of the PHP function sanitize_key in Gutenberg?
- How to get input_attrs in the sanitize function?
- What is the difference between sanitize_text_field() and wp_filter_nohtml_kses()?
- Sanitizing `wp_editor();` Values for Database, Edit, and Display
- Sanitizing search data for use with WP_Query
- How to sanitize post meta field value?
- where to apply “apply filters” and other Sanitization Functions
- How to save html and text in the database?
- Data Validation: Always escape late / escape HTML Code
- Multiple register settings, with same option name – issue
- Filter string like a slug
- Sanitize textarea instead of input
- Default WordPress taxonomy (Tag) – How to add a custom field to form and save it to the database
- Sanitizing, Validating and Escaping in WordPress (Plugin)
- vs WordPress Security
- Cannot get ‘sanitize_callback’ to work for rest parameters
- How to sanitize user input?
- Change filename during upload
- Why does wp_redirect strip out %0A (url encoded new line character) and how do I make it stop?
- wpdb get_results() and prepare when to use prepare?
- Preserve old values on error in setting API
- WP_Editor – Saving Value into Plugin Option – Stripping HTML
- CSS from textarea in options page to frontend what to do
- How to get rid of shortcodes in post content once and for all
- Data sanitization for user registration and user login
- What is the safe way to print tracking code / pixel code before tag or tag
- Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break
- sanitize_text_field and apostrophe problem
- Escaping date string in url with wordpress
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- What’s the proper way to sanitize checkbox value sent to the database
- How to escape html generate by a loop
- Does meta-data need to be sanitized?
- Can A Post Meta Field Store multiple values that are not in an array?
- esc_attr on get_post_meta [closed]
- Using esc_url_raw with protocols properly
- Output Sanitation
- How to allow certain PHP functions when using sanitize_callback in the word press customizer
- Sanitize $_GET variable when comparing
- Function sanitize_title() does not appear to be working
- Sanitaizing Select Optin For Custom Post Type Metabox in WP
- How to handle complex data with Settings API
- Toggle Shortcode Sanitize Title
- settings api and the data passed in the parameter
- HTML Img with data:image src gets sanitized in admin?
- Sanitizing URL in a WordPress plugin
- how to sanitize customizer checkbox control
- do I need to sanitize a shortcode’s function input?
- Where is the HTML-handler part in the wpdb class?
- Form Sanitization and Validation
- Data not displaying in text field
- Proper Way to Sanitize Meta Input
- Sanitize html, where to sanitize
- Save selectlist value (taxonomy) in wp:wp_set_object_terms
- Notice: Undefined index: in options-framework.php
- How to use esc_attr__() function properly to translate a variable that contains string?
- oneOf two possible objects in WP REST API?
- How to return responsive images from a sanitize_callback?
- how to sanitizing $_POST with the correct way?