How to call WordPress functions from a form processing script





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty{ margin-bottom:0;
}






up vote
2
down vote

favorite












I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:



<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>


The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.



However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.



I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?



The answer provided is that I include this line of code at the top of my processing script:



require_once("wp-load.php");


However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.



How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?










share|improve this question






























    up vote
    2
    down vote

    favorite












    I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:



    <form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
    <input type="text" name="keyName">
    <input type="submit" value="Update">
    </form>


    The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.



    However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.



    I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?



    The answer provided is that I include this line of code at the top of my processing script:



    require_once("wp-load.php");


    However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.



    How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?










    share|improve this question


























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:



      <form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
      <input type="text" name="keyName">
      <input type="submit" value="Update">
      </form>


      The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.



      However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.



      I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?



      The answer provided is that I include this line of code at the top of my processing script:



      require_once("wp-load.php");


      However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.



      How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?










      share|improve this question















      I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:



      <form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
      <input type="text" name="keyName">
      <input type="submit" value="Update">
      </form>


      The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.



      However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.



      I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?



      The answer provided is that I include this line of code at the top of my processing script:



      require_once("wp-load.php");


      However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.



      How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?







      functions forms






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 18 at 9:00









      Krzysiek Dróżdż

      12.8k52637




      12.8k52637










      asked Nov 18 at 7:38









      YAHsaves

      1134




      1134






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          5
          down vote



          accepted










          You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)



          Good practice is that you use admin_post actions... (similar to admin_ajax).



          So your form should look like so:



          <form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
          <input type="hidden" name="action" value="my_action" />
          <input type="text" name="keyName">
          <input type="submit" value="Update">
          </form>


          And then in your plugin you add your action method:



          add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
          add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

          function prefix_admin_my_action() {
          // Handle request then generate response using echo or leaving PHP and using HTML
          }


          PS. It's always a good idea to include some nonces inside that form too.






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "110"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f319546%2fhow-to-call-wordpress-functions-from-a-form-processing-script%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            5
            down vote



            accepted










            You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)



            Good practice is that you use admin_post actions... (similar to admin_ajax).



            So your form should look like so:



            <form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
            <input type="hidden" name="action" value="my_action" />
            <input type="text" name="keyName">
            <input type="submit" value="Update">
            </form>


            And then in your plugin you add your action method:



            add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
            add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

            function prefix_admin_my_action() {
            // Handle request then generate response using echo or leaving PHP and using HTML
            }


            PS. It's always a good idea to include some nonces inside that form too.






            share|improve this answer

























              up vote
              5
              down vote



              accepted










              You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)



              Good practice is that you use admin_post actions... (similar to admin_ajax).



              So your form should look like so:



              <form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
              <input type="hidden" name="action" value="my_action" />
              <input type="text" name="keyName">
              <input type="submit" value="Update">
              </form>


              And then in your plugin you add your action method:



              add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
              add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

              function prefix_admin_my_action() {
              // Handle request then generate response using echo or leaving PHP and using HTML
              }


              PS. It's always a good idea to include some nonces inside that form too.






              share|improve this answer























                up vote
                5
                down vote



                accepted







                up vote
                5
                down vote



                accepted






                You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)



                Good practice is that you use admin_post actions... (similar to admin_ajax).



                So your form should look like so:



                <form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
                <input type="hidden" name="action" value="my_action" />
                <input type="text" name="keyName">
                <input type="submit" value="Update">
                </form>


                And then in your plugin you add your action method:



                add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
                add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

                function prefix_admin_my_action() {
                // Handle request then generate response using echo or leaving PHP and using HTML
                }


                PS. It's always a good idea to include some nonces inside that form too.






                share|improve this answer












                You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)



                Good practice is that you use admin_post actions... (similar to admin_ajax).



                So your form should look like so:



                <form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
                <input type="hidden" name="action" value="my_action" />
                <input type="text" name="keyName">
                <input type="submit" value="Update">
                </form>


                And then in your plugin you add your action method:



                add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
                add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

                function prefix_admin_my_action() {
                // Handle request then generate response using echo or leaving PHP and using HTML
                }


                PS. It's always a good idea to include some nonces inside that form too.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 18 at 8:56









                Krzysiek Dróżdż

                12.8k52637




                12.8k52637






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to WordPress Development Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f319546%2fhow-to-call-wordpress-functions-from-a-form-processing-script%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    AnyDesk - Fatal Program Failure

                    How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

                    QoS: MAC-Priority for clients behind a repeater