Sanitize get_query_var() URL parameters
I am currently working on a site and testing its security. One of the pages has a sort feature where I pass a URL parameter on how I would like the content sorted.
This works fine, but I tried to send malicious code as well:
header.php file under
Sort : <?= get_query_var('sort') ?>.
I want to sanitize this input so that it will never execute such a script. How can I do this?
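One way to handle the `sort` value safely, as an added example that is not part of the original post: validate it against an allow-list when it is read, and escape it for the output context when it is printed. The function names (`mytheme_allowed_sorts`, `mytheme_get_sort`) and the sort keys are hypothetical, and the snippet assumes `sort` is already a registered query var, as the question implies.

```php
<?php
// functions.php -- added example; function names and sort keys are hypothetical.

// Allow-list of the sort keys this page actually supports (constructed values).
function mytheme_allowed_sorts() {
    return array( 'date', 'title', 'price' );
}

// Return a sort key that is guaranteed to be one of the allow-listed values.
function mytheme_get_sort() {
    $default = 'date';
    $raw     = get_query_var( 'sort', $default );

    // A request such as ?sort[]=x can yield an array; treat it as invalid.
    if ( ! is_string( $raw ) ) {
        return $default;
    }

    // sanitize_key() lowercases and keeps only a-z, 0-9, "_" and "-".
    $key = sanitize_key( $raw );

    // Strict comparison so only exact allow-listed strings pass.
    return in_array( $key, mytheme_allowed_sorts(), true ) ? $key : $default;
}
?>

<?php // header.php -- escape at the point of output, per context. ?>
<?php $sort = mytheme_get_sort(); ?>

<?php // HTML text context: esc_html() encodes <, >, &, and quotes. ?>
Sort : <?php echo esc_html( $sort ); ?>.

<?php // HTML attribute context: use esc_attr() instead. ?>
<div class="listing" data-sort="<?php echo esc_attr( $sort ); ?>"></div>
```

The escaping call alone stops the value from being interpreted as markup; the allow-list additionally keeps unexpected values out of any query logic that consumes the same parameter.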