How to call WordPress functions from a form processing script

You should never post anything to plugins files directly. It’s almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)

Good practice is that you use admin_post actions… (similar to admin_ajax).

So your form should look like so:

<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
    <input type="hidden" name="action" value="my_action" />
    <input type="text" name="keyName">
    <input type="submit" value="Update">
</form>

And then in your plugin you add your action method:

add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );

function prefix_admin_my_action() {
    // Handle request then generate response using echo or leaving PHP and using HTML
}

PS. It’s always a good idea to include some nonces inside that form too.

Related Posts:

  1. How can I get $id variable in widget’s form function?
  2. Refresh page after form action
  3. contactform7 remove tags with “wpcf7_autop false” from functions.php
  4. Add new user : make the fields First Name and Last name required
  5. what is the meaning of settings_fields()
  6. update_post_meta for custom field not working upon form submission
  7. WordPress registration and contact form 7 [closed]
  8. Gravity Forms – Using a Form to Pre-populate A Gravity Form [closed]
  9. Ninja form Redirect depending on text field content [closed]
  10. WordPress upload_mimes not working for front-end uploads of 3D files
  11. Ajax not working properly
  12. Having a Function Inside of the Loop
  13. Removing custom meta data
  14. Is There Any Built In WP Functionality For Combining Form Fields To Return Specific Data
  15. wp_nonce_field is breaking form for reasons unknown
  16. Contact Form 7 If Condition
  17. How to properly refresh page after form action?
  18. Init action and refresh page after form action
  19. dynamic enquiry form [closed]
  20. This code is supposed to only allow user to be authenticated if accountVerified is equal to 1, but it still allows user to be authenticated otherwise
  21. Problems adding a new field to product in cart
  22. Postback redirect through add_action is not triggered
  23. Button click counter for login user
  24. How to change form action of wp-login page with a function
  25. WordPress Ajaxifying not working properly
  26. Sending Messages Back to the Template After Processing?
  27. us states dropdown function and echo in theme template files
  28. Adding custom field in menu options [duplicate]
  29. Gravity Forms After Submission – GFFormsModel::update_lead_field_value?
  30. Will my WordPress site become vulnerable after adding this functions which allows more HTML tags for subscribers?
  31. Help finishing script to export WP user data when form submitted
  32. Directing to functions.php the correct way
  33. WordPress Custom wp mail template return full template
  34. Get all users from role and add to dropdown (select) – wordpress, javascript
  35. Can’t find function which is called in a wordpress theme
  36. CF7 Remove Comma from ‘select’ ‘radio’ and ‘checkbox’ outouts
  37. Is it ok to use a function to output the text domain name in a wordpress theme
  38. How to override a function when isn’t at functions.php
  39. How to count number of functions attached to an action hook?
  40. Show modified time if post is actually modified
  41. ajax live search for post title
  42. Hourly Routine Not Firing ( wp_schedule_event() )
  43. Display Total Number of Social Shares
  44. Child theme – copied some files from parent to child website still uses parent files
  45. Using locate-template & shortcodes doesn’t appear to work
  46. Widgets Section not displaying in theme customizer
  47. add sidebar area to header of child theme
  48. Display a function using AJAX
  49. How to make unique add_filter to the_content of specific page template files – so each template gets its own addition
  50. Hide the Private prefix on one specific page
  51. How to test for Super Admin
  52. Adding a class to tag list in a function
  53. echo get_post_meta()
  54. Replace menu links with # and add name to its li
  55. Retrieve tags data in post body
  56. Remove H1 / title / Underscore – without CSS
  57. Custom Static Links For Specific Menu Right Before/Next The wp_nav_menu Function now working
  58. Change template on the fly based on post parent selection
  59. Current path on page in functions.php
  60. How do you publish a draft on WordPress
  61. How can I recompile js file in dist folder?
  62. Show Primary Category first when I display post categories
  63. Wp_query function to search from product_title ‘OR’ product tags name
  64. Setting youtube size in functions.php
  65. wp_get_archives custom function broken since upgrading to WP 3.7.1
  66. Functions when woocommerce isn’t installed
  67. How to get correct value from checked()?
  68. While loop with an exception after a count is reached
  69. Return child theme url
  70. Redefine function arguments before rendering
  71. Functions php shortcode for displaying main menu with no child items
  72. first paragraph of the_content as meta description
  73. get_terms (or tax_query) for term of current post?
  74. Do we need to change our child function.php to require/include child dir files when we add an over-riding file.php into the child theme
  75. Child theme functions.php
  76. How to echo Widget Title in Custom Frontend-Template Box
  77. Redirect to post after publish or update a published post
  78. Page Template Won’t Load Correct CSS File
  79. WordPress show bad the php hour and date
  80. show all the posts thumbnails
  81. the_excerpt function not showing image
  82. How to display this meta data (an array) in form of a function (created with a custom write panel)?
  83. WordPress – using sessions?
  84. Use a filter for wp_robots to block CPT/feed/
  85. Trigger email alert if file downloaded
  86. Completely Disable WordPress RSS Feeds
  87. Order column custom date using pre_get_posts
  88. query_vars treat as single var from URL
  89. Running javascript without hooking wp_head
  90. Remove text after a dot and a colon in Woocommerce product title
  91. Add meta data in head from theme
  92. what is `get_section()` and how to use it?
  93. How to echo the translated custom field?
  94. Only Show One Category Name Per Post
  95. Pass max posts to Javascript
  96. update_usermeta don’t work
  97. WP supersize not displaying when different languages flags are selected
  98. How do I make my child theme’s CSS update when I save it?
  99. Bulk set Post Title as Tag where Tag is Empty Function
  100. WordPress – Notice: Function wp_enqueue_script was called incorrectly

Leave a Comment