Data validation and sanitization come into play whenever users are allowed to enter data, whether through forms in a custom meta box, theme options, or any other way. Although our code may appear to work fine without validation and sanitization, it is important to validate input if you want your data to be secure. Unvalidated data is vulnerable to hackers, who can exploit it in a number of ways.
Why data validation and sanitization?
- Hackers can inject various scripts, including XSS (Cross-Site Scripting), if input is not properly validated
- Can break the form at output
- Spread malware
Here is an example that shows how a simple input field can be a potential threat.
<?php
// Retrieving the value from the $_POST variable (left unescaped on purpose: this is the vulnerable version)
$username = $_POST['username'];
?>
<label>Name</label>
<input type="text" name="username" value="<?php echo $username; ?>" />
The above code is a simple input field for entering the user's name. There is nothing wrong with it if the user enters a name such as George, but what happens when the user enters the following values in the input field?
case a: <George>
case b: <script>alert('XSS');</script>
In case a, the form output breaks in the browser because of the < and > (less than, greater than) characters.
In case b, the user injects a script, which may let an unauthorized user gain access to sensitive information and pages.
Difference between Data Validation and Sanitization
Data Validation: The purpose of data validation is to make sure that we receive what we expect to receive. If the data is valid we accept it; if not, we reject it. We validate data before saving it.
Sanitization: In contrast to validation, sanitization does not reject the data as a whole; it strips unwanted tags and encodes what remains before echoing it to the browser. We sanitize data before showing it in the user's browser.
In some cases, however, we need to both validate and sanitize the input data.
Whether to validate or sanitize input?
It depends on the situation. For example, suppose there is an input field where the user has to enter his age. We can validate the data in this case: accept it if it is a positive integer, using absint( $int ), and reject it otherwise, asking the user to re-enter the age. But for a text field where the user enters lengthy text, rejecting the whole text and asking the user to rewrite it just because it contains some HTML tags is not a good approach. In such cases, sanitizing the text and stripping the tags is the better option.
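As an added example (not code from the article), here is the name field above rendered both unsafely and safely against the inputs from case a and case b, together with the positive-integer age check just described. It assumes it runs outside WordPress, so the WordPress helpers esc_attr() and absint() are shimmed with plain-PHP equivalents.

```php
<?php
// Added example, not code from the original article. Shows the form above
// with the article's two inputs, beside a hardened version, plus the age
// check. Assumes it runs outside WordPress, so esc_attr() and absint() are
// shimmed with equivalent plain-PHP definitions.
if ( ! function_exists( 'esc_attr' ) ) {
    // Shim: encode & < > " ' so the value cannot break out of the attribute.
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'absint' ) ) {
    // Shim: WordPress absint() coerces to a non-negative integer.
    function absint( $maybeint ) {
        return abs( (int) $maybeint );
    }
}

// Vulnerable: the raw value is echoed straight into the attribute.
function render_name_unsafe( $username ) {
    return '<input type="text" name="username" value="' . $username . '" />';
}

// Hardened: sanitize on output by escaping for the HTML attribute context.
function render_name_safe( $username ) {
    return '<input type="text" name="username" value="' . esc_attr( $username ) . '" />';
}

// Validation: accept a positive integer age, reject anything else.
// absint() alone only coerces ('-3' becomes 3), so the digit check is what
// actually rejects bad input. Returns the integer, or null to ask again.
function validate_age( $raw ) {
    if ( ! preg_match( '/^\d+$/', trim( (string) $raw ) ) ) {
        return null;
    }
    $age = absint( $raw );
    return $age > 0 ? $age : null;
}

// Constructed inputs: a normal name plus case a and case b from the article.
$inputs = array( 'George', '<George>', "<script>alert('XSS');</script>" );
foreach ( $inputs as $in ) {
    echo 'unsafe: ', render_name_unsafe( $in ), "\n";
    echo 'safe:   ', render_name_safe( $in ), "\n";
}
var_dump( validate_age( '34' ), validate_age( '-3' ), validate_age( '3 years' ) );
```

The unsafe rendering emits the tags from case a and case b verbatim, while the safe rendering emits them as &lt; and &gt; entities that the browser shows as literal text.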
Luckily, WordPress has a number of functions that can be used to validate and sanitize untrusted data. One can of course use plain PHP functions too, but it is always a better idea to use the WordPress functions when they are available.
Note: Part 2 of this article will be published next week. I shall cover in detail which WordPress functions are available for output sanitization and input validation and how to use them.