In my theme, i am grabbing user input with get_option() and according to that input i want to i want to declare a new variable and print in my single.php file. For example:
<?php
$tutorial_condition = get_option( 'tutorials_creater' );
if ( $tutorial_condition == 1 ) {
$second_col_class = 'col-9';
} else {
$second_col_class = 'col-2';
}
?>
now when i echo $second_col_class variable in my php files it works fine. But when i run themecheck plugin it shows an error like this.
“Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered.”
i want to echo that variable like below.
<div class="<?php echo $second_col_class; ?>">
//my code here..
</div>
I cannot use isset() function because it just returning true or false. Is there any alternative to this?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Please see this Codex article for further guide, but in your case, you would use esc_attr() to escape the $second_col_class value which is being used in an HTML attribute, namely class:
<!-- bad -->
<div class="<?php echo $second_col_class; ?>">
<!-- good -->
<div class="<?php echo esc_attr( $second_col_class ); ?>">
<!-- good -->
<div class="<?php esc_attr_e( $second_col_class, 'text-domain' ); ?>">
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0