设置API-清理URL、电子邮件地址和文本

时间:2012-05-03 作者:chris_s

我正在征求关于如何编写此代码的最佳实践的建议。目前,我有简单的主题选项和文本字段,在我的模板中输出信息。我目前正在使用此代码进行设置api和纯文本清理。我的问题是,另一个设置字段是网站字段,也是电子邮件字段。我不确定是否必须创建另一个完整的主题选项、节和字段,以便可以直接单独清理已注册的设置(并对每种类型进行正确清理),或者是否可以在同一个主题中组合所有设置oem_theme_profile_options 卫生处理。我还不是最好的php高手。因此,从最佳实践的角度来理解这一点将有助于我对未来的教育,而不是让我在数据库中创建多个选项。

function oem_theme_initialize_profile_options() {

        if( false == get_option(\'oem_theme_profile_options\')) {
                add_option(\'oem_theme_profile_options\');
        }

        add_settings_section(
                \'profile_settings_section\',
                \'Profile Options\',
                \'oem_profile_options_callback\',
                \'oem_theme_profile_options\'
        );

            add_settings_field(
                    \'personal_name\',
                    \'Name\', 
                    \'oem_personal_name_callback\',
                    \'oem_theme_profile_options\',
                    \'profile_settings_section\'
            );
                     register_setting(
                            \'oem_theme_profile_options\',
                            \'oem_theme_profile_options\',
                            \'oem_theme_sanitize_profile_options\' // Here is where all these options get sanitized the same.
                    );
} // end of oem_theme_initialize_profile_options

add_action(\'admin_init\', \'oem_theme_initialize_profile_options\');


function oem_profile_options_callback() {
        echo \'<p>Provide the URL to the profile networks you\\\'d like to display</p>\';
} // end oem_profile_options_callback

function oem_personal_name_callback() {

        // First, we read the profile options collection
        $options = get_option(\'oem_theme_profile_options\');

        // Next, we need to make sure the elment is defined in the options. If not, we\'ll set an empty string.
        $url = \'\';
        if (isset( $options[\'personal_name\'] )) {
                $url = $options[\'personal_name\'];
        }

        // Render the output
        echo \'<input type="text" id="personal_name" name="oem_theme_profile_options[personal_name]" value="\' . $options[\'personal_name\'] . \'" />\';
} // end oem_personal_name_callback
文本清理

function oem_theme_sanitize_profile_options($input) {

        //Define the array for the updated options
        $output = array();

        // Loop through each of the options sanitizing the data
        foreach ($input as $key => $val) {

                if( isset($input[$key]) ) {
                        $output[$key] = strip_tags( stripslashes($input[$key]));
                } // end if
        } // end foreach

        return apply_filters( \'oem_theme_sanitize_profile_options\', $output, $input );
} // end oem_theme_sanitize_profile_options

2 个回复
最合适的回答,由SO网友:Pierre 整理而成

不要每次都使用add\\u settings\\u section()和add\\u settings\\u field(),而是创建一个返回选项数组的函数,例如:

function my_theme_options() {
$options = array();

$options[] = array(
                \'id\' => \'ID\',
                \'title\' => \'Title\',
                \'type\' => \'text_field\', // use this value to sanitize/validate input
                \'validate\' => \'url\' // use this value to validate the text as url
                // add as much as you need like description, default value ...
            );

$options[] = array(
                \'id\' => \'ID_2\',
                \'title\' => \'Title\',
                \'type\' => \'text_field\',
                \'validate\' => \'email\' // use this value to validate the text as email
                // add as much as you need like description, default value ...
            );

// every time you want to add a field you\'ll use this function an create a new array key $options[] = array();

return $options;
}

使用此函数,我们可以向foreach循环注册每个字段,该循环将使用add\\u settings\\u field()

现在,使用此函数,您可以为register\\u setting()创建一个回调函数,并使用switch验证输入,例如:

// this should be the callback function of register_setting() (last argument)
function validate_settings($input) {
$options = my_theme_options(); // we\'ll set $options variable equal to the array we created in the function before

$valid_input = array(); // this will be the array of the validated settings that will be saved to the db, of course using one array for all options.

foreach ($options as $option) {
    switch ( $option[\'type\'] ) { // $option[\'type\'] where type is the key we set before in my_theme_options()
        case \'text_field\':
            // inside we\'ll create another switch that will use the validate key we created in my_theme_options()
            switch( $option[\'validate\'] ) {
                case \'url\':
                    // validate url code

                break;

                case \'email\':
                    // validate email
                break;

                // create a default for regular text fields
                default:
                    // default validation
                break;
            }
        break;

        case \'textarea\':
            // your validation code here
        break;

        // you get the idea just keep creating cases as much as you need
    }// end switch
}// end foreach

return $valid_input;
}
在每个案例结束时,将值保存到$valid\\u输入数组

$valid_input[$option[\'id\']] = $input[$option[\'id\']]
例如,验证url使用:

if ( preg_match(\'your regex\', $input[$option[\'id\']]) ) {
    $valid_input[$option[\'id\']] = $input[$option[\'id\']];
}
您也可以像options函数一样创建一个函数,但对于sections和创建一个foreach循环,该循环将使用add\\u settings\\u section(),您会觉得这对您来说会容易得多,以后要添加新的设置字段和section时会节省很多时间。希望有帮助:)

SO网友:Tom Auger

我想我会先让你看一下Data Validation. 在那里,您将发现大量有用的内置函数,用于清理URL和其他输入字段,包括检查有效电子邮件(is\\u email()),尽管它实际上没有清理。

然后,由于在$input, 考虑编写switch 内的声明oem_theme_sanitize_profile_options() 如果您希望隔离某些要作为特殊情况处理的输入。

考虑using add_settings_error() 如果输入字段(如电子邮件字段)无效。

结束
标签: settings-api   sanitization   小码农  

相关推荐