Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

WordPress How to Build a WordPress Plugin Building a WordPress Plugin Settings Page Admin Area Forms in WordPress

Benjamin White
Benjamin White
5,388 Points

Problem with challenge, using esc_html.

Building a Wordpress Plugin Settings Page, Challenge Task 2 of 3.

I can not pass task 2 with this code, and do not know where I am wrong. It keeps telling me that esc_html should be used to sanitize the value of 'my_plugin_username'. I passed the first challenge task, which included the second 'if' statement, along with the $hidden_field variable, as typed.

<?php

function my_plugin_options_page() {

if (!current_user_can('manage_options')) {
wp_die('You do not have sufficient permissions to access this page.');
}

  if ( isset( $_POST['my_plugin_hidden_field_submitted'] ) ) {
    $hidden_field = esc_html($_POST['my_plugin_hidden_field_submitted'] );

    if ( $hidden_field == 'Y' ) {
      $my_plugin_username = esc_html( $_POST['my_plugin_username'] );
    }    
  }

}

?>

3 Answers

Benjamin White
Benjamin White
5,388 Points

Nevermind. Removed the $hidden_field variable altogether, and "submitted" from 'my_plugin_hidden_field_submitted':

<?php

function my_plugin_options_page() {

    if (!current_user_can('manage_options')) {
        wp_die('You do not have sufficient permissions to access this page.');

        if( isset( $_POST['my_plugin_hidden_field']) ) {
            $my_plugin_username = esc_html( $_POST['my_plugin_username'] );
        }
    }

}

?>
Joe Bruno
Joe Bruno
35,909 Points

Perhaps the error resides in misspelling "submitted" in your first "if" statement?

Benjamin White
Benjamin White
5,388 Points

Good catch, but that isn't the problem. ( I had answered with it typed correctly, the above code is actually a copy of my third attempt). Will edit my code in question.

Melissa Garza
Melissa Garza
12,671 Points

I ran into this same problem as well because I had also used the $hidden_field variable similar to the video. The code checker probably just looked for the first esc_html it could find to check that it was $_POST['my_plugin_username'] being passed in or something, ignoring the correct one further down.

Note: The first task did say to put a new if statement after the first one, so you had that correct from the beginning. ("Below the first if statement, write a conditional statement to test if the my_plugin_hidden_field input field has been submitted.") Code checker doesn't care in the end, though.

This was also accepted, for others stumbling upon the same problem :)

<?php

function my_plugin_options_page() {

  if (!current_user_can('manage_options')) {
    wp_die('You do not have sufficient permissions to access this page.');
  }

  if (isset($_POST['my_plugin_hidden_field'])) {
    $my_plugin_username = esc_html($_POST['my_plugin_username']);
  }

}

?>