Basic security question re. wp_kses and esc-textarea

  • I’m adding a textarea option, and I wanted to check that I was doing it right.

    When I add in a test snippet and search the database, it’s there in the database, even though the PHP snippet isn’t output (the double quote snippet is output).

    The snippet I used to test was <?php // test ?> "test"

    The code I’m using is as follows:

    // Load the saved option value.
    $example_textbox_content = get_option( "$example_textbox" );
    // An empty allowed-HTML array makes wp_kses() strip every tag.
    $allowed_html02 = array();
    $example_textbox_content = wp_kses( $example_textbox_content, $allowed_html02 );
    // Escape the remaining text before it is echoed.
    $example_textbox_content = esc_textarea( $example_textbox_content );
    echo '<label class="example-options example-options-textbox" for="a_' . $example_textbox_id . '">' . $example_textbox_label . '</label><br />' . "\n";
    echo '<input class="example-options example-options-textbox" type="text" id="a_' . $example_textbox_id . '" name="' . $example_textbox . '" value="' . $example_textbox_content . '" />' . "\n" . '<br />';
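
The code in the post filters only the copy of the value that is echoed, so the row stored by the option is unchanged and still contains the test snippet. The following is an added example, not part of the original post, that filters the value when it is saved and escapes it for each output context when it is rendered. The option name `example_textbox`, the settings group `example_group`, the text domain and both function names are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. All example_* names are hypothetical.

// 1. Sanitize on save: the Settings API passes the submitted value through
//    sanitize_callback, and the callback's return value is what gets stored.
add_action( 'admin_init', function () {
    register_setting(
        'example_group',
        'example_textbox',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_textbox',
            'default'           => '',
        )
    );
} );

function example_sanitize_textbox( $value ) {
    // Same call as in the post: an empty allowed-HTML array strips every tag,
    // but here it runs before the value reaches the database.
    return wp_kses( (string) $value, array() );
}

// 2. Escape on output, matching the escaping function to the context.
function example_render_textbox() {
    $content = get_option( 'example_textbox', '' );

    printf(
        '<label for="%1$s">%2$s</label><br />' . "\n"
        . '<textarea id="%1$s" name="%3$s" rows="5" cols="50">%4$s</textarea>' . "\n",
        esc_attr( 'a_example_textbox' ),                       // attribute value
        esc_html__( 'Example text', 'example-textdomain' ),    // element text
        esc_attr( 'example_textbox' ),                         // attribute value
        esc_textarea( $content )                               // <textarea> body
    );
}
```

Values saved before the callback was registered stay as they were stored until the option is saved again, which is why the output side still escapes.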