Is not using admin-ajax to ajax submissions okay?

I checked your code and some of the things are not OK. I suggest you to consider the following:

1.) Your AJAX endpoint is not protected

Currently anyone can send requests to your AJAX endpoint and enter data from anywhere, to solve this make use of WordPress nonces.

The principle is to create a nonce server-side, send the same nonce(you either print it into the header and get with jQuery, then merge with the data object you are obtaining from the serialize() method) from the AJAX call in the data object. The final step is to verify the nonce using the method wp_verify_nonce() before saving the data and if the nonce is invalid simply don’t proceed to save the data.

2.) You need more validation

As i can see in the code you don’t validate any of the $_POST array variables. This is a huge problem and you will get a lot of data that is damaged or no sense.

Related Posts:

  1. WordPress AJAX File Upload – FrontEnd
  2. jQuery and AJAX Not working with Select Form Element
  3. How to Use JSON With AJAX?
  4. Registration e-mail check with AJAX
  5. Admin wp_ajax hook returning 0
  6. Accept AJAX call with serialized form data
  7. Frontend Post with JQuery AJAX to Php Issue
  8. Ajax form submit not working, returns 0
  9. WordPress Insert not working with ajax
  10. Converting a working AJAX form to work with WordPress
  11. jQuery forms & updating info
  12. $_POST empty in using new php file added to theme
  13. Customize wp-admin form custom fields
  14. jQuery form plugin, submit in the wordpress way
  15. Dynamically populate Cascading Dropdown from MySQL using JQuery/AJAX [closed]
  16. Pass request headers in a jQuery AJAX GET call
  17. Ajax Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
  18. Validate form before submit jquery
  19. How to manage ajax calls and JSON in wordpress
  20. How to add a ” waiting” icon for an ajax in WP frontend?
  21. What is the simplest ajax upload plugin or script to be used with wordpress?
  22. WordPress Ajax URL for function in functions.php
  23. AJAX function returning -1
  24. call shortcode in javascript
  25. AJAX handler throws 400 (Bad request) – why?
  26. jQuery AJAX form validation
  27. AJAX Implementation
  28. Proper way to load a single post via Ajax?
  29. Add X meta box inputs based on form at top of meta box, how to do it right?
  30. Trying to get single posts to load on the front page via ajax
  31. Ajax not firing properly using Firefox, but works in Chrome
  32. jQuery Ajax() doesn’t work when the page is accessed as a WordPress template page
  33. POST from jQuery to PHP
  34. How to load whole WordPress pages dynamically with AJAX/jQuery like this following website?
  35. Creating custom AJAX requests
  36. How to pass jQuery ajax URL value
  37. how to get the comment ID in the front end when the REPLY button is clicked?
  38. Gravity Forms not loading under https, jQuery is not defined
  39. Gravity list field override and adding javascript [closed]
  40. Adding a character counter to the excerpt metabox
  41. wp_verify_nonce not working
  42. Tags in WordPress 3.2
  43. php ajax problem – weird 301 responses!
  44. jQuery Ajax passing empty parameters to my function?
  45. WordPress customizer refresh screen after save
  46. Can’t load a class into WordPress post editor’s content field
  47. Making the wordpress login form a jQuery dropdown
  48. Not sure why wp_ajax isn’t working?
  49. Load created php file data via ajax
  50. WordPress Ajax problem with undefined url
  51. Hide metabox dependant on page template chosen
  52. Intergrating agile carousel to wordpress: how to write the ajax_callback function
  53. AJAX Loaded Glossary like Search results with links to other entries from custom table
  54. How to Dynamically Load Content Into Body of Bootstrap Modal Window?
  55. Return an array from get_terms and store as JavaScript array for search autocomplete
  56. WP http XML response HTML encoding and image display problems
  57. Using WP_Query to grab custom meta values, foreach to json object
  58. Add/remove action on jQuery toggle
  59. How to get all users by custom current user meta (array)?
  60. wp_dequeue_script not working in my plugin
  61. AJAX fileupload – TypeError: not a function ajaxSubmit()
  62. delete post meta by AJAX
  63. url – ajax loaded but no JS
  64. how to json_encode(); the Loop content so that the encoded array is [“0”:content, “1”:content]
  65. Properly embed javascript into WP (using function.php) – doesn’t work?
  66. jQuery tabs plugin with callback to fetch data
  67. jQuery will not work on page from snippet or file
  68. Required radio button does not validate in form, when clicked through Javascript/jQuery
  69. No Object Properties sending form through AJAX
  70. Redirect wp_dropdown_pages() to an AJax request?
  71. Live search from database table
  72. Applying jquery to WordPress admin edit.php
  73. Duplicate “default” form with jQuery
  74. click event to unhide something after ajax not firing
  75. Search query with Ajax
  76. how to use wp_editor() here am getting empty result
  77. admin ajax php success returns 0
  78. problems with jquery external rss feed integration
  79. AJAX calendar navigation returns -1
  80. my example with ajax doesn’t work
  81. wordpress mysql / wpdb ajax load more for terms help
  82. How to setup multi-page using jquery?
  83. How to submit the date with ajax?
  84. Issue developing an AJAX form with WordPress
  85. Ajax call not working anymore
  86. Get ajaxForm response value
  87. Error while submitting form using AJAX and php
  88. Autocomplete for titles via ajax – rework of past post away from like_escape()
  89. Ajax Request with jQuery not happening
  90. wp_signon not working fine and 302 moved temporarily?
  91. how to refresh index page without reloading browser using ajax
  92. Ajax request with jQuery without WP_ajax
  93. ajax form function error
  94. jQuery .change() Event Bubbling in WP Admin
  95. Contact Form 7 submission does not complete [closed]
  96. Using WP Ajax and jQuery to process multiple forms on the same page?
  97. Combo box populating a DIV using ajax/jquery
  98. Contact Form 7 checkbox to add a new class to a div [closed]
  99. Infinite Scroll applied to ajax loaded content
  100. Contact Form 7 – Submit Form not working After Ajax Request [closed]