I need to know if this is the right way of doing this after reading something about html_esc.
I have a custom post type for the Event and it has a Google Maps embed iframe on the event template.
<iframe
width=”450″
height=”250″
frameborder=”0″ style=”border:0″
referrerpolicy=”no-referrer-when-downgrade”
src=”https://www.google.com/maps/embed/v1/MAP_MODE?key=YOUR_API_KEY&PARAMETERS”
allowfullscreen>
</iframe>
is it OK to code it like this. My fields name are google_maps_api_key which I set on an options page up for and venue_name. It works fine but I’m new at this so I’m unsure.
<iframe
width=”450″
height=”250″
frameborder=”0″ style=”border:0″
referrerpolicy=”no-referrer-when-downgrade”
src=”https://www.google.com/maps/embed/v1/MAP_MODE?key=<?php echo get_field(‘google_maps_api_key’, ‘option’); ?>&q=<?php echo get_field(‘venue_name’); ?>”
allowfullscreen>
</iframe>
I would be grateful for any advice.
That is the way I would do it as long as you trust the person that is entering or can edit the key value on the options page.
If the people entering the values may not be trustworthy then there are various WP function that you can use to sanitize values depending on what it is used for and the list can be found here https://developer.wordpress.org/apis/security/sanitizing/
I see there is a problem It’s now not working.
