There are a significant number of security issues with the code posted so far, most of which can be solved by using the various APIs provided.
A lot of what you want can be massively simplified if you use the REST API:
<?php
add_action( 'rest_api_init', function () { // only run this when the REST API says it's setting things up
register_rest_route(
'chetan/v1', '/color/', // our namespace and the name of the endpoint to call via AJAX, /wp-json/chetan/v1/color
array(
'methods' => 'POST', // are you using GET POST PUT etc
'callback' => 'chetan_rest_set_color', // the function to call
'permission_callback' => function () {
return current_user_can( 'manage_options' ); // admins only
}
)
);
} );
function chetan_rest_set_color( \WP_REST_Request $req ) {
$color = esc_html( $_POST['color'] );
// set the colour
// $result = ...
return $result;
}
And javascript:
<script>
jQuery(document).ready( function() {
jQuery("#color-submit").click(function() {
jQuery.ajax({
async:false,
type:"POST",
url:"<?php echo home_url( '/wp-json/chetan/v1/color/' ); ?>",
data: jQuery("#color-form").serialize(),
dataType:'json',
success:function(response){
alert(response.msg);//var object = JSON.parse(response);
jQuery(".jumbotron").css({"background-color":"#FF8745"});
//alert(response['msg']);
var obj=response.msg;
console.log(obj);
}
});
});
});
</script>
Notes
This will require PHP 5.3+ and WordPress 4.5+. Keep in mind that the oldest supported PHP is v5.6, and the WordPress is currently at v4.6
Also:
- Never make calls to PHP files in your plugins or themes, this is dangerous, be it via AJAX, or a form submission. All requests should go through WordPress ( it is a CMS afterall )
- Always check permissions, else any random joe from 4Chan or reddit could change your settings without your permission
- Sanitise and validate. What if the color isn’t a hex value but a piece of SQL that dumps all the passwords?
- Indent correctly! The code provided had major indenting issues, making the code near unreadable. This should never happen, your editor should be doing this all for you effortlessly. Programs such as PHPStorm or Sublime Text can even re-indent and format your existing code for you, and will indent as you type
- The sql being used is incorrect, no table is specified, no row ID, I strongly doubt that a custom query is even necessary, consider theme mods, options or the various types of meta
The above code can be simplified further by localising the URL path of the endpoint using:
wp_localize_script( 'chetan_js', 'chetan_js', array(
'url' => home_url( 'wp-json/chetan/v1')
) );
Letting you remove the inline PHP in your javascript so that you can do this instead:
type:"POST",
url: chetan_js.url+"/color",
data: jQuery("#color-form").serialize(),
Now you can place your javascript in an external file instead of inlining it