How to properly validate data from $_GET or $_REQUEST using WordPress functions?

WordPress doesn’t provide any specific data validation functions for SUPERGLOBALS.

I use the PHP filter_input function then escape it as I would any untrusted variable.

$url = filter_input( INPUT_GET, 'some_query_string', FILTER_VALIDATE_URL );

echo '<a href="'. esc_url( $url ). '">Click Me</a>';

The PHP filter input accepts:

Related Posts:

  1. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  2. What is the difference between esc_html and wp_filter_nohtml_kses?
  3. What is the difference between strip_tags and wp_filter_nohtml_kses?
  4. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  5. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  6. Is it necessary to do validation again when retrieving data from database?
  7. how to add security questions on wp-registration page and validate it
  8. oneOf two possible objects in WP REST API?
  9. esc_url, esc_url_raw or sanitize_url?
  10. How to store username and password to API in wordpress option DB?
  11. How to validate custom fields in custom post type?
  12. How should one implement add_settings_error on custom menu pages?
  13. Nonces can be reused multiple times? Bug / Security issue?
  14. is_email() VS sanitize_email()
  15. Can someone explain what wp_session_tokens are, and what are they used for?
  16. WordPress and PHP Sessions – Security and Performance
  17. Nonce in settings API with tabbed navigation
  18. Log in from one wordpress website to another wordpress website
  19. Escaping built-in WP function return strings
  20. WP Cron doesn’t save or in post body
  21. stray elements
  22. WordPress restrict plugin file direct access
  23. Plugin development: is adding empty index.php files necessary?
  24. Confusion on WP Nonce usage in my Plugin
  25. array_map() for sanitizing $_POST
  26. Correct way check nonce (security) using old Options API
  27. Verify Nonce returns false – Request Nonce returns correct value
  28. Why do I need to check if wp_nonce_field() exists before using it
  29. vs WordPress Security
  30. Who is responsible for data sanitization in WordPress development?
  31. Is there any way to check for user login and send him to login?
  32. WordPress security issue to output data from user input from theme option form
  33. How to sanitize user input?
  34. How do i validate data entered in a meta box so that only floats can be entered in a field?
  35. Verify if user is wordpress logged in from another app since wordpress 4.0
  36. WP_Editor – Saving Value into Plugin Option – Stripping HTML
  37. Secure Pages Best Practice
  38. Multiple options pages validation for a plugin
  39. Securing/Escaping Output of file content – reading via fread() in PHP
  40. best way to make a WordPresss multisite that is secure but at the same time supporting my plugin development efforts
  41. Video Security just like facebook [closed]
  42. Is disabling test_form in wp_handle_upload a security concern?
  43. How to connect my wordpress plugin to a remote database securely?
  44. wp_nonce_field displaying twice
  45. wordpress is adding a second backslash when I use addslashes
  46. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  47. How do I have now a duplicated user entry if this is not allowed (and I cannot replicate it)?
  48. add_submenu_page hooked function must explicitly check user capabilities – why?
  49. Are there any security risks when submitting data-attribute data through AJAX?
  50. Why would you use esc_attr() on internal functions?
  51. Is it possible to use WP-CLI in a plugin (or theme)?
  52. Secruity Questions on a timer
  53. How WordPress sanitizes post content on save? Or it doesn’t?
  54. Using HTML links within translatable string
  55. How can I save a password securely as a settings field
  56. How to validate inputs with filter in register_setting callback
  57. Using password protection to load different page elements?
  58. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  59. How do I add a 5 digit ZIP code validation to a Contact7 form?
  60. $ is not defined [duplicate]
  61. How to store sensitive user data (passwords)
  62. Sanitize WordPress Array Input?
  63. How do I make secure API calls from my WordPress plugin?
  64. esc_attr() on hard coded string
  65. do I need to sanitize a shortcode’s function input?
  66. Experts opinions needed: How (in)secure is this approach?
  67. Array/List Edit in Backend
  68. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  69. Data Validation, dynamically generated fields (select for example)
  70. Sanitize and Save metabox values
  71. how to sanitizing $_POST with the correct way?
  72. Sanitization of register_setting()
  73. wp_verify_nonce is always false even when the nonces are identical
  74. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  75. Objective Best Practices for Plugin Development? [closed]
  76. add_menu_page() with different name for first submenu item
  77. Autoloading & Namespaces in WordPress Plugins & Themes: Can it Work?
  78. How to include PHP files in plugins the correct way
  79. How can I add an image upload field directly to a custom write panel?
  80. A tool to analyze rewrite rules? [closed]
  81. Difference Between Filter and Action Hooks?
  82. framework for plugin/theme options panel? [closed]
  83. Creating a table in the admin-style?
  84. How can you check if you are in a particular page in the WP Admin section? For example how can I check if I am in the Users > Your Profile page?
  85. Settings API with arrays example
  86. How to get the path to the current theme?
  87. How to make a plugin require another plugin?
  88. ajaxurl not defined on front end
  89. What process do you use for WordPress development? [closed]
  90. What’s the difference between term_id and term_taxonomy_id
  91. Should I use wpdb prepare?
  92. Why does WordPress use outdated jQuery v1.12.4?
  93. Post meta vs separate database tables
  94. Is there any plugin development framework
  95. Is it possible to reuse wp.media.editor Modal for dialogs other than media
  96. How to add a javascript snippet to the footer that requires jQuery
  97. Enhance Media Manager for Gallery
  98. How do I create a custom role capability?
  99. How do I add CSS options to my plugin without using inline styles?
  100. How do i best handle custom plugin page actions?

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)