Sanitization

Piotr Kierzniewski edited this page Nov 9, 2017 · 2 revisions

Following the principle "sanitize input, escape output", you should sanitize your form data. You can do it with the WordPress sanitize functions or with PHP's built-in filter extension. Whichever you choose, a good place to do it is after the form has been validated. The following example uses PHP filters.

Imagine a simple contact form with the fields full_name, email and message.

```php
<?php
// Get the request object (mf_get_request() and $form come from the plugin)
$request = mf_get_request();

// Handle the request
$form->handleRequest( $request );

// Check that the form was submitted and that it validates
if ( $form->isSubmitted() && $form->isValid() ) {
    // Get the validated form data
    $data = $form->getData();

    // Define one filter per field. Filter ids are not bit flags, so they
    // must not be combined with "|"; options and flags go in a separate
    // array ( 'filter' => ..., 'flags' => ... ) if you need them.
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
    $filters = array(
        'full_name' => FILTER_SANITIZE_STRING,
        'email'     => FILTER_SANITIZE_EMAIL,
        'message'   => FILTER_SANITIZE_STRING,
    );

    // Sanitize the fields. Keys missing from $data come back as null,
    // keys not listed in $filters are dropped from the result.
    $sanitized_data = filter_var_array( $data, $filters );

    // Perform the action with the form data, e.g. send an e-mail
}
```

$sanitized_data will then contain the sanitized values. Sanitizing on input does not replace the second half of the principle: escape the values again when you output them.
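The ordering the page recommends (validate first, sanitize after) matters for the email field. The following is an added example, not code from the wiki page or the plugin; it relies only on PHP's filter extension and uses constructed input.

```php
<?php
// Added example, not part of the plugin. Demonstrates why sanitizing
// should come after validation. The input below is constructed sample data.

/** Sanitize a submission with filter_var_array(), as the page does. */
function sanitize_contact(array $data): array {
    $filters = [
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; this filter
        // is the usual replacement for plain text fields.
        'full_name' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
        'email'     => FILTER_SANITIZE_EMAIL,
        'message'   => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
    ];
    // Keys missing from $data become null; keys not in $filters are dropped.
    return filter_var_array($data, $filters);
}

/** Validate, then sanitize (the page's order). Returns null when invalid. */
function handle_submission(array $data): ?array {
    if (filter_var($data['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return sanitize_contact($data);
}

// Constructed submission: the email is in "display name <address>" form,
// which is not a bare address and should be rejected.
$raw = [
    'full_name' => "Alice <script>alert(1)</script> O'Brien",
    'email'     => 'Bob <bob@example.com>',
    'message'   => 'Hello "there"',
];

// Page's order: validation runs on the raw value and rejects it.
var_dump(handle_submission($raw));

// Wrong order: sanitize first. FILTER_SANITIZE_EMAIL removes every character
// outside the allowed set, so the space, '<' and '>' disappear and the address
// collapses into "Bob" joined to "bob@example.com". That mangled value then
// passes FILTER_VALIDATE_EMAIL even though nobody submitted it.
$mangled = sanitize_contact($raw);
var_dump($mangled['email']);
var_dump(filter_var($mangled['email'], FILTER_VALIDATE_EMAIL));
```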
