[英]Sanitize custom checkout fields data in WooCommerce
Following the WooCommerce checkout fields customization docs: 遵循WooCommerce结帐字段自定义文档:
Customizing checkout fields using actions and filters 使用操作和过滤器自定义结帐字段
I have added a custom field to woocommerce checkout page, through functions.php . 我已经通过functions.php向woocommerce结帐页面添加了一个自定义字段。
I'm worried if I have to sanitize user input for that custom field? 我担心是否必须清理该自定义字段的用户输入?
I think it doesn't need sanitization since it's passed into billing fields as in: $fields['billing'], is that correct? 我认为它不需要清理,因为它被传递到计费字段,如:$ fields ['billing'],这是正确的吗?
If not how do I sanitize this custom field? 如果不是,我该如何清理这个自定义字段?
Creating this custom field is meant to accept text strings(latin) and integers combined no longer than 50 in length. 创建此自定义字段意味着接受文本字符串(拉丁语)和长度不超过50的整数。
// Hook in
add_filter( 'woocommerce_checkout_fields' , 'custom_override_checkout_fields' );
// Our hooked in function - $fields is passed via the filter!
function custom_override_checkout_fields( $fields ) {
//Adding custom text field
$fields['billing']['billing_username'] = array(
'type' => 'text',
'label' => __('Your Username', 'woocommerce'),
'placeholder' => _x('', 'placeholder', 'woocommerce'),
'required' => true,
'class' => array('form-row-first'),
'clear' => true
);
return $fields;
}
If you look to the related Official Documentation linked in your question, you've got this snippet: 如果您查看问题中链接的相关官方文档,您就会得到以下代码段:
/**
* Update the order meta with field value
*/
add_action( 'woocommerce_checkout_update_order_meta', 'my_custom_checkout_field_update_order_meta' );
function my_custom_checkout_field_update_order_meta( $order_id ) {
if ( ! empty( $_POST['my_field_name'] ) ) {
update_post_meta( $order_id, 'My Field', sanitize_text_field( $_POST['my_field_name'] ) );
}
}
In your case you don't need that as address fields are already processed by Woocommerce.
在您的情况下,您不需要,因为Woocommerce已经处理了地址字段。
For custom special fields: The answer is yes (which is not your case)
对于自定义特殊字段:答案是肯定的 (这不是您的情况)
As you can see in this code they use
sanitize_text_field()
WordPress function, when saving the submitted data to database withupdate_post_meta()
function…正如您在此代码中看到的,当使用
update_post_meta()
函数将提交的数据保存到数据库时,他们使用sanitize_text_field()
WordPress函数...This is only for custom checkout fields and not for existing checkout fields , that already get their own process…
这仅适用于自定义结帐字段,而不适用于已经获得自己流程的现有结帐字段 ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.