Nonce in settings API with tabbed navigation

The API handles the nonce for the form part because you’re using the settings_fields call, which outputs the *-options nonce, and you’re passing the data to the options.php file for saving, which checks that nonce for you before saving the settings. This part the Settings API does indeed do for you. However, your tab code … Read more

Using global $post v/s $GLOBALS['post']

There is no difference when you are using just echo. What works differently is unset():

    function test_unset_1() {
        global $post;
        unset( $post );
    }

    function test_unset_2() {
        unset( $GLOBALS['post'] );
    }

    test_unset_1();
    echo $GLOBALS['post']->ID; // will work

    test_unset_2();
    echo $GLOBALS['post']->ID; // will fail

The reason is that unset() destroys just the local reference in the … Read more

Avoiding “Usage of a direct database call is discouraged”

Using $wpdb->insert and/or related methods to modify data within any of the default WordPress tables, be it posts, postmeta, user, usermeta etc., is discouraged because there are functions which already exist for the purpose of modifying data within those tables. For example: wp_insert_post, wp_update_post, wp_delete_post. Database Queries: Avoid touching the database directly. If there … Read more

PHP Coding Standards, Widgets and Sanitization

These arguments contain arbitrary HTML and cannot be properly escaped. This is essentially a limitation on how Widgets code was designed and you can see in core Widget classes that no escaping is done on these. Lessons to learn: WP core doesn’t consistently adhere to its own coding standards (and getting there isn’t considered worth … Read more

How should I document function calls?

You don’t document function calls, but function definitions. Because the function could be called unlimited times, right? So it makes no sense to document functions when they are called. If you document the call, then probably because you do some things you want to remember later – or let other following developers know. But normally, … Read more

WordPress and event-driven programming – what is it about?

First of all, let's clarify what the word paradigm means in programming. It means that we come to an agreement that we will handle certain cases/issues/situations in a certain way. For instance, we come to an agreement that a foot-passenger should cross a road on a green light in our country. This is our green light paradigm. … Read more

When to use Exceptions vs Error Objects vs just plain false/null

I think it’s impossible to give a definitive answer here, because choices like this are personal preference. Consider that what follows is my approach, and I have no presumption it is the right one. What I can say for sure is that you should avoid your third option: Just return null/false This is bad under … Read more