How to submit/upload data to database and in specific folder?

Part 1: Form Handling

Firstly, lets fix your upload form handling. You should never send the user to a dedicated PHP file for processing, wether it’s a form or an upload because:

  • The file then has to bootstrap WordPress to use the WP API, tightly coupling it to your folder structure, and introducing fragility
  • The file will work even if the plugin has been disabled, introducing a security risk
  • It’s no longer possible to modify and intercept the form handling code from elsewhere
  • Numerous disadvantages regarding caching systems and performance

WordPress is a CMS, and you should let WordPress handle requests. Your job is to tell it what to do with those requests.

So this is how you handle a form:

template:

<form method="post">
    <?php wp_nonce_field( 'allens_form', 'allens_form_nonce' ); ?>
    <input type="hidden" name="allens_form" value="allens_form">
    ... form fields
</form>

In a plugin or theme functions.php:

add_action( 'init', 'allens_form_handler');
function allens_form_handler() {
    if ( empty( $_POST['allens_form'] ) ) {
        return; // this isn't a form submission
    }
    if ( ! wp_verify_nonce( $_POST['allens_form_nonce'], 'allens_form' )  ) {
        return; // invalid or missing nonce! Something dodgy's going on here
    }
    // process form data
}

Also notice the addition of a nonce. This should greatly increase the security of your form from certain types of attacks. Consider asking a new question on this site for a more comprehensive answer of what nonces are and what they protect against.

It may be tempting to use the same strategy for AJAX and use an AJAX endpoint file, but as I mentioned above, this is a bad idea for similar reasons. Instead, use the WP AJAX api, or register a REST API endpoint.

Part 2: Uploading Videos

All uploads go in the uploads folder. On a lot of systems the folder may be in a different place, and may be the only place in the filesystem that WordPress can write to. Your plugin folder should only contain code and assets, it should not contain user content.

The important missing piece of information here is post types.

All posts in WordPress have a ‘type’. Posts are of type ‘post’, Pages are of type ‘page’, etc, they’re all stored the same way in the database. There are other types of post too, but the one you should be interested in is the attachment post type.

When you upload anything into the media library, it’s put in the uploads folder, but WordPress doesn’t look in that folder to find uploads. Instead, when an upload is made, it creates a post of type attachment, and those attachment posts are what you see in the admin area.

Attachment post types contain information, such as the name of the attachment, where it can be found in the uploads folder, what type of file it is, the author, and other post meta depending on the type of media. These are what you want to use for your video uploads.

As posts can have parents, you’ll find that images uploaded and inserted into a post have this relation. Those images will be attachments, and the attachment posts parent is the post they appear in. This is also how featured images work, posts have a custom field/post meta that holds the ID of an attachment post. Said post is the image attachment for the featured image.

Importantly, there are several functions that you will find incredibly handy in implementing your upload, but the one you will find the most useful is this:

media_handle_upload( $file_id, $post_id, $post_data, $overrides );

This function when given the appropriate arguments will take your uploaded file, move it to the correct location, create an attachment post for you, and fill it with all the necessary metadata.

What you then do with the attachment post is up to you, but you will want to save the ID somewhere useful, and always refer to it by its ID. Never store the URL of an attachment. To get the URL for displaying on the page, use this function:

$url = wp_get_attachment_url( $attachment_id );

Be sure to check that the function worked, $url may be an error object, or a false value.

Related Posts:

  1. How can I add an image upload field directly to a custom write panel?
  2. Checking if a file is already in the Media Library
  3. Standard location for plugin to save/cache files?
  4. Saving data-URI to media library
  5. Can I use the wp media uploader for my own plugin?
  6. Change Media Uploader default directory
  7. Changing upload directory for plugin uploads only
  8. Upload file to remote storage
  9. Why are two functions over-riding each other?
  10. WordPress Media mime type filter problem 4.0
  11. Using the component outside the editor. select(‘core’) is null
  12. Proper way to hook wp_get_attachment_url
  13. Getting Details Of Uploaded Image
  14. Sharing a common set of image files for media library, across all sites within multisite
  15. Uploading images from a custom page using blueimp uploader?
  16. Hook to get image filename when it is uploaded
  17. How to send email in wordpress with more than one attachments
  18. Using the default wordpress uploader inside plugin
  19. Files automatically added
  20. What filter should I use to insert a button inside on Media>Add New
  21. Changing upload dir in a plugin regardless of post type
  22. How to replicate Media Library “Add New” on Plugin Settings Page
  23. Plugin writing: access file that was just uploaded
  24. Custom delete option button in plugin settings
  25. How to enable sorting in custom media uploader in plugin
  26. Create a new post using rest api and save featured image using an external image url
  27. Why is the temporary upload always 4.1K
  28. Upload multiple images and insert them into custom html code
  29. wp_editor add media button not working
  30. WordPress Specified file failed upload test
  31. How to create a digital product download link that can’t be used twice?
  32. Cleaning a filename after image sideloading a url that contains `%20`
  33. Get audio metadata on file upload
  34. How to move an image in a plugin to the upload directory and make it as a media of wordpress?
  35. Why doesn’t update_post_meta work for certain strings?
  36. wp.media Uncaught TypeError: Cannot read properties of undefined (reading ‘state’)
  37. Insert and read media from the WordPress library and call in the plugin
  38. Trying to rename a file upload as the hash of file content on wordpress
  39. Home page is not loading, where in other pages are displaying on the site
  40. WordPress5.2.3: Better File Download Plugin validation issue
  41. WordPress discards PNG file when uploading plugin file
  42. Hook for validating and rejecting frontend image upload
  43. Changed media upload path for plugin, but generates error & shows wrong url
  44. How to destroy or dispose wordpress uploder/manager?
  45. Displaying $_FILES data (simlar to $_POST)
  46. Changing upload directory for plugin uploads only
  47. How do you filter get_media_items by mime type in a custom media upload tab?
  48. Is it possible to convert various image types from remote URLs to WebP and then serve them immediately?
  49. upload script in plugin development [duplicate]
  50. Leveraging Core Functionality in Icon Upload Plugin [closed]
  51. Upload to a specific media folder created by FileBird Lite
  52. Load images from CDN and custom features to “Add Media” dialogue
  53. upload image to wordpress media library failed for custom post type
  54. dbDelta not creating tables
  55. How to implement color picker from wordpress in my plugin?
  56. Nonces can be reused multiple times? Bug / Security issue?
  57. How to Add a .js file Only in one specific Page Dynamically to Head
  58. Displaying search results in the widget itself?
  59. Missing “category_children” option when dynamically creating categories via a plugin
  60. Looking for callback function after Gutenberg is rendered?
  61. How to duplicate a curl XML request using HTTP API?
  62. Widget Admin – Form Submit Event?
  63. WordPress security issue to output data from user input from theme option form
  64. how do you prevent showing a particular category on the admin dashboard for specific user roles?
  65. how query string in wordpress receive the value other than post and page [duplicate]
  66. Is there no admin ui guide for 4.x?
  67. Is there an event or an other method that tells me the preview is loaded?
  68. Do I have to worry about useState causing a re-render?
  69. Widget Dropdown doesn’t working
  70. mysql_real_escape_string() vs. esc_sql() in WordPress
  71. Display list of uploaded images, filtered by user under a specific user group
  72. Is it possible for a plugin to force reading and writing of uploaded images to a database instead of to a filesystem?
  73. How to enqueue scripts in right way in a plugin?
  74. How To Update WordPress Custom Plugin For Customer? [closed]
  75. AJAX request not routing through proxy
  76. Why won’t this submenu page show? – My First WordPress Plugin
  77. Multiple dynamic Tax Query – pass taxonomy argument from array
  78. ACF Field value in wordpress login message filter
  79. ajax stopped working when not logged in wordpress
  80. Overriding the template files using a plugin for all themes
  81. implementing socket.io with wordpress
  82. Determine if the current page, is being edited
  83. List Table action argument not cleared
  84. Fullwidth slider using background image Flexslider WordPress
  85. Return value of $wpdb->update() query in plugin is wrong
  86. Plugin files not updated (cache cleared)
  87. How to limit the number of posts a user can view based on status
  88. WordPress permalink setting
  89. Error when trying to save custom post type settings (ERROR: options page not found)
  90. Developing a plugin, ran it through P3 Profiler, shows up slow, but I don’t know why
  91. WordPress plugin tables become corrupt
  92. How to call a new php page inside a plugin page?
  93. If I want to create new taxonomies (e.g. Project / Documents / Etc…) is it better to create them in the theme’s functions.php or within a plugin? [duplicate]
  94. Is the only way to add taxonomy terms via an admin panel?
  95. How to display .ptm file in my WP site without JAVA
  96. register_activation_hook doesn’t execute without add_action(‘init’,’some-function’)
  97. Getting similar posts by custom field value
  98. Does WP REST API cache internally executed (rest_do_request) requests?
  99. Trouble Importing whatsapp-web.js in a WordPress Plugin Development
  100. ‘useSate’ error when using React on the frontend in custom block plugin