First of all, I want to say that I am new to WordPress; not very new, but 2 months.
My questions are:

  1. Is it right to use esc_attr()?
  2. And is the way I am using it right or not?

    function dr_enable_and_disable_header() {
      // Read the saved option; the checkbox is checked when it equals 1.
      $options = get_option( 'custom_header' );
      $checked = ( isset($options) && $options == 1 ? 'checked' : '');
      echo '<label><input type="' . esc_attr('checkbox') . '" id="' . esc_attr('custom_header') . '" name="' . esc_attr('custom_header') . '" value="' . esc_attr('1') . '" '. $checked .'> Activate Custom Header</label>';
    }


No, you don’t need the esc_attr() function to print out fixed static text.

You only need it to print out dynamic or generated text, so that if the attributes have any special characters that may break your HTML, esc_attr will escape that properly.

In your particular case, you can just write:

    echo '<label><input type="checkbox" id="custom_header" name="custom_header" value="1" '. $checked .'> Activate Custom Header</label>';

However, if you had any generated or user input text, then you should’ve used esc_attr(). For example:

    $style = "__Some generated text from database or user input__";
    echo '<label><input type="checkbox" id="custom_header" name="custom_header" value="1" '. $checked .' style="' . esc_attr($style) . '"> Activate Custom Header</label>';
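
The static-versus-dynamic distinction from the answer above, as an added example that is not part of the original question or answer. `dr_render_checkbox()` is a hypothetical helper, the label value is constructed sample input, and the `function_exists` block holds simplified stand-ins for `esc_attr()`, `esc_html()` and `get_option()` so the file also runs outside WordPress.

```php
<?php
// Stand-ins so the file also runs outside WordPress (assumption: simplified
// versions; inside WordPress the real functions are used instead).
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function get_option( $name, $default = false ) {
        // Constructed sample data in place of the wp_options table.
        $sample = array( 'custom_header' => '1' );
        return isset( $sample[ $name ] ) ? $sample[ $name ] : $default;
    }
}

/**
 * Hypothetical helper: renders a checkbox for any option.
 * $option_name and $label are dynamic here, so they are escaped on output.
 * The tag name, type and value are fixed literals and need no escaping.
 */
function dr_render_checkbox( $option_name, $label ) {
    $is_on = ( '1' === (string) get_option( $option_name ) );

    return sprintf(
        '<label><input type="checkbox" id="%1$s" name="%1$s" value="1"%2$s> %3$s</label>',
        esc_attr( $option_name ),   // dynamic attribute value
        $is_on ? ' checked' : '',   // fixed string chosen by our own code
        esc_html( $label )          // dynamic text node
    );
}

// Constructed input: a label containing quotes and angle brackets.
$label = 'Activate "Custom" <Header>';

// Unescaped: the first quote ends the attribute early and the markup breaks.
echo '<input type="text" value="' . $label . '">' . "\n";
// Escaped: the whole value stays inside the attribute.
echo '<input type="text" value="' . esc_attr( $label ) . '">' . "\n";

echo dr_render_checkbox( 'custom_header', $label ) . "\n";
```

Inside WordPress, the core `checked()` helper can replace the manual `' checked'` ternary.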
