But be aware: Security through obscurity is no security at all.
Can offer a small layer of protection against brute force attacks.
define( 'DISALLOW_FILE_EDIT', true );
Ensures that input is secure before using it in your code.
What if we had a very narrow set of valid responses?
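function ga_validate_yes_no( $some_input ) {
    // The third argument enables strict (type-safe) comparison.
    if ( in_array( $some_input, array( 'yes', 'no' ), true ) ) {
        return $some_input;
    }
    // Anything else falls through and the function returns null.
}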
Be sure to use strict type checking.
// Evaluates to integer 1 during loose comparisons (in PHP versions before 8)
$untrusted_input = '1 malicious string';
// == would have evaluated to true, but === evaluates to false
if ( 1 === $untrusted_input ) {
    echo '<p>Valid data</p>';
} else {
    wp_die( 'Invalid data' );
}
is_bool()
is_float()
is_int()
is_numeric()
is_string()
Removes the elements we don't want from data.
sanitize_text_field()
absint()
esc_url_raw()
sanitize_email()
sanitize_file_name()
sanitize_key()
sanitize_title()
esc_html()
esc_url()
esc_js()
esc_attr()
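
The three steps above (validate, sanitize, escape) applied to one form submission. This is an added example, not code from the original page: the ga_example_* functions and the field names are hypothetical, and it assumes WordPress is loaded.

```php
<?php
// Added example, not from the original page. The ga_example_* functions and
// the field names are hypothetical. Assumes WordPress is loaded.

// Validate, then sanitize, untrusted input before it is stored.
function ga_example_clean_profile( array $raw ) {
	$raw = wp_unslash( $raw ); // WordPress adds slashes to $_POST data.

	// Treat missing or non-string (e.g. array) fields as empty strings.
	$field = function ( $key ) use ( $raw ) {
		return ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) ? $raw[ $key ] : '';
	};

	// Validation: a narrow set of valid responses, compared strictly.
	$subscribe = $field( 'subscribe' );
	if ( ! in_array( $subscribe, array( 'yes', 'no' ), true ) ) {
		return new WP_Error( 'invalid_subscribe', 'Invalid data' );
	}

	// Validation: is_numeric() also accepts '1e3' and ' 7', so require
	// one to three digits when a plain whole number is expected.
	$age = $field( 'age' );
	if ( ! ctype_digit( $age ) || strlen( $age ) > 3 ) {
		return new WP_Error( 'invalid_age', 'Invalid data' );
	}

	// Sanitization: remove the elements we don't want from free-form data.
	return array(
		'subscribe' => $subscribe,
		'age'       => absint( $age ),
		'name'      => sanitize_text_field( $field( 'name' ) ),
		'email'     => sanitize_email( $field( 'email' ) ),
		'website'   => esc_url_raw( $field( 'website' ) ),
	);
}

// Escaping: applied at output time, matched to the context of each value.
function ga_example_render_profile( array $profile ) {
	printf(
		'<p class="%s"><a href="%s">%s</a>, age %d</p>',
		esc_attr( 'subscribe-' . $profile['subscribe'] ),
		esc_url( $profile['website'] ),
		esc_html( $profile['name'] ),
		absint( $profile['age'] )
	);
}
```

Passing $_POST to ga_example_clean_profile() returns either a WP_Error or an array that is safe to store; the stored values are still escaped again when rendered, because sanitizing on input does not replace escaping on output.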