清理 WooCommerce 中的自定义结帐字段数据
Sanitize custom checkout fields data in WooCommerce
遵循 WooCommerce 结帐字段自定义文档:
Customizing checkout fields using actions and filters
我通过 functions.php 向 woocommerce 结帐页面添加了一个自定义字段。
我担心是否必须清理该自定义字段的用户输入?
我认为它不需要清理,因为它已传递到帐单字段,如:$fields['billing'],对吗?
如果不是,我该如何清理这个自定义字段?
创建此自定义字段旨在接受长度不超过 50 的文本字符串(拉丁文)和整数。
// Hook in
add_filter( 'woocommerce_checkout_fields' , 'custom_override_checkout_fields' );
// Our hooked in function - $fields is passed via the filter!
function custom_override_checkout_fields( $fields ) {
//Adding custom text field
$fields['billing']['billing_username'] = array(
'type' => 'text',
'label' => __('Your Username', 'woocommerce'),
'placeholder' => _x('', 'placeholder', 'woocommerce'),
'required' => true,
'class' => array('form-row-first'),
'clear' => true
);
return $fields;
}
如果您查看问题中链接的相关官方文档,您会得到以下片段:
/**
* Update the order meta with field value
*/
add_action( 'woocommerce_checkout_update_order_meta', 'my_custom_checkout_field_update_order_meta' );
function my_custom_checkout_field_update_order_meta( $order_id ) {
if ( ! empty( $_POST['my_field_name'] ) ) {
update_post_meta( $order_id, 'My Field', sanitize_text_field( $_POST['my_field_name'] ) );
}
}
In your case you don't need that as address fields are already processed by Woocommerce.
For custom special fields: The answer is yes (which is not your case)
As you can see in this code they use sanitize_text_field() WordPress function, when saving the submitted data to database with update_post_meta() function…
This is only for custom checkout fields and not for existing checkout fields, that already get their own process…
遵循 WooCommerce 结帐字段自定义文档:
Customizing checkout fields using actions and filters
我通过 functions.php 向 woocommerce 结帐页面添加了一个自定义字段。
我担心是否必须清理该自定义字段的用户输入?
我认为它不需要清理,因为它已传递到帐单字段,如:$fields['billing'],对吗?
如果不是,我该如何清理这个自定义字段?
创建此自定义字段旨在接受长度不超过 50 的文本字符串(拉丁文)和整数。
// Hook in
add_filter( 'woocommerce_checkout_fields' , 'custom_override_checkout_fields' );
// Our hooked in function - $fields is passed via the filter!
function custom_override_checkout_fields( $fields ) {
//Adding custom text field
$fields['billing']['billing_username'] = array(
'type' => 'text',
'label' => __('Your Username', 'woocommerce'),
'placeholder' => _x('', 'placeholder', 'woocommerce'),
'required' => true,
'class' => array('form-row-first'),
'clear' => true
);
return $fields;
}
如果您查看问题中链接的相关官方文档,您会得到以下片段:
/**
* Update the order meta with field value
*/
add_action( 'woocommerce_checkout_update_order_meta', 'my_custom_checkout_field_update_order_meta' );
function my_custom_checkout_field_update_order_meta( $order_id ) {
if ( ! empty( $_POST['my_field_name'] ) ) {
update_post_meta( $order_id, 'My Field', sanitize_text_field( $_POST['my_field_name'] ) );
}
}
In your case you don't need that as address fields are already processed by Woocommerce.
For custom special fields: The answer is yes (which is not your case)
As you can see in this code they use
sanitize_text_field()WordPress function, when saving the submitted data to database withupdate_post_meta()function…This is only for custom checkout fields and not for existing checkout fields, that already get their own process…