Is the regular ajax request method safe or I should use admin-ajax.php?

OMG… No, no, no!!! Never do that this way…

Why? There are many reasons…

  1. You won’t be able to do anything with users in your views.php – what if you’ll have to count only views by anonymous (not logged in) users?

  2. What if table_prefix is set to ”? Your posts table will cause conflicts…

  3. What if there are some plugins that operate on DB connection? You script will connect to wrong DB or cause other conflicts.

  4. What, if for security reasons your script won’t be runnable?

  5. There are many many other reasons, why you shouldn’t do it this way…

There is a reason for having best practices and standards. And life of all developers is way easier and nicer if everyone is coding according to these standards and practices… This way it’s easy to debug all AJAX calls, and so on…

So yes, you definitely should use admin-ajax.php and wp_localize_script, and $wpdb, and proper SQL escaping, and so on…

What’s the difference? won’t the ajax function be visible to the users?

Yes, it will be visible. But… It won’t be standard AJAX call – so it will be harder to understand…

Let’s make some quick experiment… Let’s take a look at these two codes:

1.

add_action( 'wp_ajax_get_post_status', 'ajax_get_post_status_callback' );
function ajax_get_post_status_callback() {
    $id = $_POST['id'];
    $post = get_post( $id );

    if ( $post ) {
        echo $post->post_status;
        die;
    }

    echo 0;
    die;
}

2.

include "ustawienia-polaczenia.php";
$i = $_POST['id'];
$wiersz = PostsQuery()::create()->filterById( array($i) )->find();
if ( $wiersz ) {
    echo $wiersz->post_status;
    die;
}

echo 0;
die;

Which one is easier to read? I bet the first one. Why? Because it uses WP core functions and everybody knows, how they work. I know (or I can easily check) what get_post function does, and so on. This code also respects all filters and actions – so it will generate no conflicts with other plugins…

On the other hand, the second code is just a mess… It includes some other file, it uses some strange DB connection (yes, it’s Propel). It’s even hard to guess if it’s the same DB or some other one and how exactly does it work. And it completely ignores any other plugins…

So yes – everyone will see that your code sends some strange AJAX and what file is responsible for processing it. The problem is that debugging your strange/custom code will consume much more time… And it’s much more probable that your code will create problems and conflicts…

Related Posts:

  1. How to disable controls in theme customizer?
  2. Is there a hack for using is_page() within the function.php file?
  3. Proper use of Output Buffer
  4. List of all theme customizer control types?
  5. Is having multiple theme customizers for different pages possible?
  6. function_exists call in function.php
  7. Debugging an error: wp_enqueue_style was called incorrectly
  8. Set the transport of the Customizer ‘header_image’ core setting to ‘postMessage’
  9. Can i check if user is doing any ajax request?
  10. simple wordpress ajax plugin not working when not logged in
  11. Hide a menu-item and its submenus and display a ‘Log in’ link if the user is logged out
  12. The best way to customize “nav-menu-template.php” to add if the ‘link_before’ is “checkbox”
  13. Design view breaking on Pages
  14. Understanding WordPress child theme custom JS loading
  15. Remove css styles from specific page
  16. Click loads template via ajax
  17. Can I change a variable in a content part while calling it?
  18. AJAX in WordPress, sending coords data to MySQL and show after into map
  19. Insert all post IDs in new database table
  20. How to speed up admin-ajax.php in wordpress
  21. My Own layout in WooCommerce pages [closed]
  22. Differences when using the the_time and the_date functions
  23. Ajax $wpdb not returning table data
  24. Set WordPress Default Template
  25. Checking for new message using AJAX and PHP. Server overload?
  26. Create another “Display Site Title and Tagline” checkbox, “Header Text Color” setting and control
  27. Load a page into a div with Ajax
  28. Converting HTML Template to WordPress Theme
  29. How to remove the cufon script from Dzonia Lite theme [closed]
  30. PHP 8, AJAX mail form to function.php doesn’t work
  31. How to check if a meta value has already been assigned to any user?
  32. what is the best practice to add new field to an api route
  33. Ajax request not sending to server and returning – wp-admin/admin-ajax.php 400
  34. Why ajax doesn’t work on certain wordpress hooks?
  35. populate form fields in a loop with ajax
  36. Error in custom php function doesn’t exist
  37. dynamic dependent select dropdown
  38. Populate editor with some content of a page with a page template
  39. how to make custom ajax handler?
  40. Skt full width basic slideshow problem
  41. $wpdb->wp_users returning empty value for
  42. Is the “_s” on this `sprintf(__(‘Page %s’, ‘_s’), max($paged, $page))` just refer to a text domain?
  43. WordPress admin-ajax.php
  44. What exactly do this function declared into functions.php file of a WP theme?
  45. How to call multiple functions from multiple files into a WordPress page template [closed]
  46. Using data sent via AJAX in multiple functions on a WP plugin
  47. Function won’t run onclick using Ajax
  48. What is the best way to define constant options for a theme?
  49. Simple AJAX notification when the new post is added to the database
  50. Issue with fetching mysql data and displaying results via shortcode in webpage
  51. A $_POST should occur when submit form but is not?
  52. Why i can’t get custom fields value or post ID via Ajax?
  53. Removing “Powered by” footer using child theme PHP [closed]
  54. get_page_templates only return templates with “home” in the filename
  55. How to get post category list as select in front-end?
  56. Extract and display user infromation on an automatically created page
  57. Show different website layout if no sidebar added
  58. Why when I create a new post I found 2 record related to this post into the posts database table?
  59. Execute Jquery when a specific page in my plugin is loading
  60. How can I assign separate stylesheets to different pages?
  61. Need advice on theme customizer and child themes
  62. How to make sure relative URL works when site is not on root domain?
  63. making php value numeric
  64. AJAX function not working [closed]
  65. Using Ajax to submit a form, and run a SQL Select query based on user input from the form
  66. Disclaimer that will show every refresh of the page
  67. Dynamically switch file in get_template_directory_uri() | Function [closed]
  68. Uncaught TypeError: extract(): Argument #1 ($array) must be of type array, null given
  69. Store ajax data in PHP variable
  70. Multiple AJAX handler functions conflict in functions.php
  71. Ajax filter with loadmore button
  72. How to change PHP variables with AJAX request in WordPress
  73. How to change this ajax function to submit to the default wordpress content area instead of the custom field ‘seller notes’?
  74. get_the_author_meta( ‘ID’ ) just return 1
  75. Update $wpdb query with AJAX
  76. WordPress Ajax filter: Create two loops for different output styles?
  77. Need help with AJAX login to call php in functions.php to handle redirects based on user cap (role)
  78. ajaxurl usage for a custom function
  79. How to call a function from functions.php with ajax?
  80. Custom Post type Ajax search results
  81. Theme editing “post thumbnail” help
  82. Prepared DB Query from _POST array
  83. Find the method which AJAX GET calls
  84. How can I display a query in a page?
  85. AJAX Returning Way Too Many Posts
  86. Where can I find the declaration of `$_wp_theme_features`?
  87. Calling PHP function doesn’t work in index.php
  88. wordpress ajax return 0
  89. Modify category archive page loop on functions.php
  90. How to set up an auto delete post?
  91. My customizer’s setting doesn’t set to the default and needed to click the control’s “Default” button before it’ll be set
  92. Save the outputted image into the Media Library, with a different filename and extension
  93. WordPress get_post_meta issue
  94. Modify php code to pass a page id as a parameter in order to create a breadcrumb
  95. How to add button to top of theme customizer?
  96. ajax form function error
  97. How to edit the default database of WordPress [closed]
  98. I need a button to appear when not loged in and another when logged in, I need help fixing code PLEASE!
  99. Load slideshow.css file only if Slideshow is checked / on
  100. Predefine Magazine Style Layouts