Best practice to sanitize AJAX input in a Themeforest WordPress Project


#1

Hello. I want to use AJAX in my application and send a request to admin ajax as follows. What’s the difference between those two approaches? What’s the best practice to sanitize a given POST input?

Is it enough to use wp_filter_kses as follows?

add_action("wp_ajax_nopriv_get_next_post_with_ajax", "my_handler");
function my_handler($args) {
   // Filter the raw POST value before it is used in the query.
   $posts_not_in = wp_filter_kses($_POST["my_field"]);
   // post__not_in expects an array of post IDs.
   $args = array('post__not_in' => (array) $posts_not_in);
   $posts = query_posts($args);
}

or this one:

$posts_not_in = sanitize_text_field(wp_unslash($_POST["my_field"]));

Would it be overkill to merge these two?

$posts_not_in = wp_filter_kses(sanitize_text_field(wp_unslash($_POST["my_field"])));

#2

What is going to be in “my_field”? Only numbers?


#3

Let’s say it’s a string or anything. I’m asking a general question for any type of input.
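
As an added example (not part of the thread and not any poster's code), here is one way to write the handler from post #1 when the field holds post IDs, which is what post__not_in expects: the value is validated by type with integer casting instead of HTML filtering. The nonce action "get_next_post", the request field "nonce", and the comma-separated format of "my_field" are assumptions.

```php
<?php
// Added example. Hypothetical names: nonce action "get_next_post", request
// field "nonce". Assumed input: "my_field" is a comma-separated list of IDs
// (or a my_field[] array), e.g. "12,15,31".

add_action( 'wp_ajax_get_next_post_with_ajax', 'my_handler' );
add_action( 'wp_ajax_nopriv_get_next_post_with_ajax', 'my_handler' );

function my_handler() {
	// Verify the nonce first; passing false lets us answer with JSON
	// instead of the default die().
	if ( ! check_ajax_referer( 'get_next_post', 'nonce', false ) ) {
		wp_send_json_error( 'bad_nonce', 403 );
	}

	// WordPress adds slashes to $_POST, so unslash before validating.
	$raw = isset( $_POST['my_field'] ) ? wp_unslash( $_POST['my_field'] ) : '';

	// Validate by expected type. IDs are integers: wp_parse_id_list() runs
	// absint() on every item, so "1 OR 1=1" or "<script>" collapses to 1 or 0.
	// array_filter() drops the zeros; array_slice() bounds the list size.
	$exclude = array_slice( array_filter( wp_parse_id_list( $raw ) ), 0, 100 );

	// For other input kinds pick the matching function instead:
	//   plain single-line text -> sanitize_text_field( $raw )
	//   HTML you want to allow  -> wp_kses_post( $raw )
	// wp_filter_kses() expects slashed data, so it does not pair with
	// wp_unslash() the way the merged one-liner in post #1 assumes.

	$query = new WP_Query( array(
		'post_type'      => 'post',
		'post_status'    => 'publish',
		'posts_per_page' => 1,
		'post__not_in'   => $exclude,
		'no_found_rows'  => true,
	) );

	$items = array();
	foreach ( $query->posts as $post ) {
		$items[] = array(
			'id'    => $post->ID,
			'title' => get_the_title( $post ), // escape when inserting into the DOM
			'url'   => get_permalink( $post ),
		);
	}
	wp_send_json_success( $items );
}
```

The nonce passed to the page would come from wp_create_nonce( 'get_next_post' ), for instance through wp_localize_script().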