How to call WordPress functions from a form processing script
I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
functions forms
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
add a comment |
I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
functions forms
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
add a comment |
I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
functions forms
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
functions forms
functions forms
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
edited Nov 18 '18 at 9:00
Krzysiek Dróżdż
15.9k63045
15.9k63045
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
asked Nov 18 '18 at 7:38
YAHsavesYAHsaves
1134
1134
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "110"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f319546%2fhow-to-call-wordpress-functions-from-a-form-processing-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
add a comment |
You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
add a comment |
You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
answered Nov 18 '18 at 8:56
Krzysiek DróżdżKrzysiek Dróżdż
15.9k63045
15.9k63045
add a comment |
add a comment |
Thanks for contributing an answer to WordPress Development Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f319546%2fhow-to-call-wordpress-functions-from-a-form-processing-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
