First check that it’s not empty, then typecast to a string value as a security precaution, because it’s always possible for this to be submitted as an array; e.g., by an attacker. Then unslash, sanitize, and continue by checking length and anything else that you’d like to validate.
if ( ! empty( $_POST['contact_msg'] ) ) {
    // Cast first: the field can arrive as an array (contact_msg[]=...), not a string.
    $contact_message = (string) $_POST['contact_msg'];
    // WordPress adds slashes to superglobals; remove them before sanitizing.
    $contact_message = wp_unslash( $contact_message );
    // Strips tags and control characters while keeping line breaks.
    $contact_message = sanitize_textarea_field( $contact_message );
}
Tip: Also be sure to verify the request using a nonce.
Here’s a more terse variation of the above.
if ( ! empty( $_POST['contact_msg'] ) ) {
    $contact_message = sanitize_textarea_field( wp_unslash( (string) $_POST['contact_msg'] ) );
}
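The full handler the answer describes, as an added example that is not part of the original answer: nonce check, presence check, type check, unslash, sanitize, then length validation. It runs outside WordPress because the WordPress helpers are replaced with simplified stand-ins when they are not defined (the real functions are used when the file is loaded inside WordPress); the field name `contact_msg`, the nonce field `contact_nonce`, the nonce action `contact_form`, the `read_contact_message()` function and the 2000-character limit are all assumptions made for the example. One caveat worth knowing: in PHP, `(string)` applied to an array yields the literal `"Array"` and raises a notice/warning, so the example rejects non-string input with `is_string()` instead of casting it.

```php
<?php
// Added example; stand-ins below are simplified approximations of the
// WordPress helpers so the file runs stand-alone. Inside WordPress the
// real wp_unslash(), sanitize_textarea_field() and wp_verify_nonce() are used.
if ( ! function_exists( 'wp_unslash' ) ) {
    function wp_unslash( $value ) {
        return is_array( $value ) ? array_map( 'wp_unslash', $value ) : stripslashes( (string) $value );
    }
}
if ( ! function_exists( 'sanitize_textarea_field' ) ) {
    // Simplified stand-in: strip tags, drop control characters (keep \n, \r, \t), trim.
    function sanitize_textarea_field( $str ) {
        $str = strip_tags( (string) $str );
        $str = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $str );
        return trim( $str );
    }
}
if ( ! function_exists( 'wp_verify_nonce' ) ) {
    // Stand-in for the example only: a fixed per-action token compared in constant time.
    function wp_verify_nonce( $nonce, $action ) {
        $expected = hash_hmac( 'sha256', (string) $action, 'example-secret' );
        return is_string( $nonce ) && hash_equals( $expected, $nonce ) ? 1 : false;
    }
}

/**
 * Validates a submitted contact message.
 * Returns ['message' => string] on success or ['error' => code] on failure.
 * $post is the request array ($_POST in a real handler); $max_len is an assumed limit.
 */
function read_contact_message( array $post, int $max_len = 2000 ): array {
    // 1. Verify the request is one our own form produced (assumed field/action names).
    if ( ! wp_verify_nonce( $post['contact_nonce'] ?? '', 'contact_form' ) ) {
        return [ 'error' => 'bad_nonce' ];
    }
    // 2. Presence check.
    if ( empty( $post['contact_msg'] ) ) {
        return [ 'error' => 'empty' ];
    }
    // 3. Type check: reject contact_msg[]=... outright instead of casting,
    //    because (string) on an array gives "Array" plus a notice/warning.
    if ( ! is_string( $post['contact_msg'] ) ) {
        return [ 'error' => 'not_a_string' ];
    }
    // 4. Unslash, then sanitize (same order as the answer's snippet).
    $message = sanitize_textarea_field( wp_unslash( $post['contact_msg'] ) );
    // 5. Further validation: sanitizing may have emptied it, and enforce a length cap.
    if ( '' === $message ) {
        return [ 'error' => 'empty_after_sanitize' ];
    }
    $length = function_exists( 'mb_strlen' ) ? mb_strlen( $message ) : strlen( $message );
    if ( $length > $max_len ) {
        return [ 'error' => 'too_long' ];
    }
    return [ 'message' => $message ];
}

// Constructed sample requests (not real traffic). $good_nonce matches the stand-in only.
$good_nonce = hash_hmac( 'sha256', 'contact_form', 'example-secret' );
$samples = [
    'normal'    => [ 'contact_nonce' => $good_nonce, 'contact_msg' => "Hello,\n<b>world</b>" ],
    'array'     => [ 'contact_nonce' => $good_nonce, 'contact_msg' => [ 'x' ] ],
    'too_long'  => [ 'contact_nonce' => $good_nonce, 'contact_msg' => str_repeat( 'a', 3000 ) ],
    'tags_only' => [ 'contact_nonce' => $good_nonce, 'contact_msg' => '<script></script>' ],
    'no_nonce'  => [ 'contact_msg' => 'Hello' ],
];
foreach ( $samples as $label => $post ) {
    echo $label, ': ', json_encode( read_contact_message( $post ) ), "\n";
}
```

Inside WordPress you would call `read_contact_message( $_POST )` from the form's submit handler and output the nonce field in the form with `wp_nonce_field( 'contact_form', 'contact_nonce' )` using the same assumed action and field names.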