Is sanitation of get_field() needed before usage

  • In this simple snippet, isn’t it necessary to sanitize the get_field before using it?

    <?php
    if ( get_field( 'phone' ) ) {
       $phone = format_phone_number( get_field( 'phone' ) );
       ?>
       <p class="coworker__phone"><?php echo esc_html( $phone ); ?></p>
       <?php
    }

    I mean, is it necessary to write like this:

    <?php
    if ( sanitize_text_field( get_field( 'phone' ) ) ) {
       $phone = format_phone_number( sanitize_text_field( get_field( 'phone' ) ) );
       ?>
       <p class="coworker__phone"><?php echo esc_html( $phone ); ?></p>
       <?php
    }

    I thought, since the field is used before it is rendered, is it possible for malicious code to enter if sanitize_text_field() is not used before using the data in the IF-condition and the formatting function?

  • If you are worried about what is in the field then yes.
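
An added example, not part of the original thread and not ACF's own code: the field is read once, reduced to an allowlist of phone characters before the IF-condition and the formatting function see it, and escaped with esc_html() only at output. The helper name `coworker_clean_phone`, the digit bounds, the sample value and the stand-in definitions of get_field() and esc_html() are assumptions made for illustration.

```php
<?php
// Stand-ins so this file also runs outside WordPress; inside WordPress with
// ACF active, the real get_field() and esc_html() are used instead.
if ( ! function_exists( 'get_field' ) ) {
    function get_field( $selector ) {
        // Constructed sample value containing markup and a stray newline.
        return "<b>+46 (0)8</b> 123 456\n";
    }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

/**
 * Hypothetical helper: reduce a stored value to phone characters only.
 * Returns '' when the result does not look like a phone number.
 */
function coworker_clean_phone( $raw ) {
    if ( ! is_string( $raw ) ) {
        return ''; // anything that is not a string is treated as empty
    }
    // Allowlist: digits, plus sign, parentheses, space, dot, hyphen.
    $phone  = preg_replace( '/[^0-9+() .-]/', '', $raw );
    $phone  = trim( preg_replace( '/ {2,}/', ' ', $phone ) );
    $digits = strlen( preg_replace( '/\D/', '', $phone ) );
    // Assumed bounds: at least 5 digits, at most 15 (the E.164 maximum).
    return ( $digits >= 5 && $digits <= 15 ) ? $phone : '';
}

// Read the field once, so the condition and the output see the same value.
$phone = coworker_clean_phone( get_field( 'phone' ) );
if ( '' !== $phone ) {
    // format_phone_number() is the question's own function; call it if defined.
    if ( function_exists( 'format_phone_number' ) ) {
        $phone = format_phone_number( $phone );
    }
    ?>
    <p class="coworker__phone"><?php echo esc_html( $phone ); ?></p>
    <?php
}
```

With the constructed sample value, the paragraph renders `+46 (0)8 123 456`: the markup and the newline are dropped by the allowlist before anything else touches the value.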
