WordPress.org

1. gavimobile
   Member
   Posted 9 months ago #
   

   hi i just finished reading the codex section for sub menus
   link to codex. assuming there is NO field limitation for example:
   <?php if (empty($_POST['my_field'])){ echo 'print error msg'; } ?> I would really like to know if im doing this properly. how would you folks do it with less code and more security. i dont know if wordpress even escapes these $_POST fields. let me know what you think! thanks in advance

   <?php
   	//must check that the user has the required capability
   	if (!current_user_can('manage_options')){
   		wp_die(__('You do not have sufficient permissions to access this page.'));
   	}
   
   	// See if the user has posted us some information
   	// If they did, this hidden field will be set to 'Y'
   	if (isset($_POST['submit_hidden_color']) && $_POST['submit_hidden_color'] == 'Y'){
   		$field1 = $_POST['favorite_color'];
   		// Save the posted value in the database
   		update_option('favorite_color', $field1);
   	}else{
   		$field1 = get_option('favorite_color');
   	}
   	if (isset($_POST['submit_hidden_car']) && $_POST['submit_hidden_car'] == 'Y'){
   		$field2 = $_POST['favorite_car'];
   		// Save the posted value in the database
   		update_option('favorite_car', $field2);
   	}else{
   		$field2 = get_option('favorite_car');
   	}
   
   	if (isset($_POST['Submit'])){
           // Put a settings updated message on the screen
   		echo '<div class="updated"><p><strong>';
   		_e('settings saved.', 'mpc-products-settings-page');
   		echo '</strong></p></div>';
   	}
   
   	// Now display the settings editing screen
   	echo '<div class="wrap">';
   		// header
   		echo '<h2>' . __('Menu Test Plugin Settings', 'mpc-products-settings-page') . '</h2><div id="icon-options-general" class="icon32"><br></div>';
   		// settings form
   ?>
   		<form name="form1" method="post" action="">
               <input type="hidden" name="submit_hidden_color" value="Y">
               <p><?php _e("Favorite Color:", 'mpc-products-settings-page' ); ?>
               <input type="text" name="favorite_color" value="<?php echo $field1; ?>" size="20">
               </p>
   
               <input type="hidden" name="submit_hidden_car" value="Y">
               <p><?php _e("Favorite Car:", 'mpc-products-settings-page' ); ?>
               <input type="text" name="favorite_car" value="<?php echo $field2; ?>" size="20">
               </p>
   
               <hr />
               <p class="submit">
               <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
               </p>
   		</form>
   	</div>

2. gavimobile
   Member
   Posted 9 months ago #
   

   as i was continuing with my reading, it seems im going to need to use an array. also, only 1 hidden field is required. wasnt sure what its purpose was untill now. maybe someone can show me a better example of this as an array! it would help me understand it better. also i would still like to know about if i need to do any kind of escaping.

   thanks

Reply

You must log in to post.