Use a PHP file as action for a form in a WordPress plugin, what's the correct way?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















I'm developing my first "serious" WordPress plugin using Devin Vinson's plugin boiler plate generated with this generator. Now I need to use a PHP file not present in default boilerplate as action attribute value for a form. When the form is submitted and the PHP file executed I get many fatal errors of call to undefined function for every WordPress function that I call in that file...
I already read THIS and I obviously required the PHP file with require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/ccwdpo-submit-question.php'; but I didn't solve my problem...



What's my mistake?






plugin-development forms







share|improve this question







New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2





    Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

    – nmr
    Apr 13 at 10:16


















1















I'm developing my first "serious" WordPress plugin using Devin Vinson's plugin boiler plate generated with this generator. Now I need to use a PHP file not present in default boilerplate as action attribute value for a form. When the form is submitted and the PHP file executed I get many fatal errors of call to undefined function for every WordPress function that I call in that file...
I already read THIS and I obviously required the PHP file with require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/ccwdpo-submit-question.php'; but I didn't solve my problem...



What's my mistake?






plugin-development forms







share|improve this question







New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2





    Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

    – nmr
    Apr 13 at 10:16














1












1








1








I'm developing my first "serious" WordPress plugin using Devin Vinson's plugin boiler plate generated with this generator. Now I need to use a PHP file not present in default boilerplate as action attribute value for a form. When the form is submitted and the PHP file executed I get many fatal errors of call to undefined function for every WordPress function that I call in that file...
I already read THIS and I obviously required the PHP file with require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/ccwdpo-submit-question.php'; but I didn't solve my problem...



What's my mistake?






plugin-development forms







share|improve this question







New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I'm developing my first "serious" WordPress plugin using Devin Vinson's plugin boiler plate generated with this generator. Now I need to use a PHP file not present in default boilerplate as action attribute value for a form. When the form is submitted and the PHP file executed I get many fatal errors of call to undefined function for every WordPress function that I call in that file...
I already read THIS and I obviously required the PHP file with require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/ccwdpo-submit-question.php'; but I didn't solve my problem...



What's my mistake?






plugin-development forms




plugin-development forms






share|improve this question







New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Apr 13 at 9:37









icolumbroicolumbro

62




62




New contributor




icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






icolumbro is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 2





    Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

    – nmr
    Apr 13 at 10:16














  • 2





    Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

    – nmr
    Apr 13 at 10:16








2




2





Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

– nmr
Apr 13 at 10:16





Move the logic from the PHP file to the function and invoke it after sending the form. admin_post_{action} hook is what you need. Here you will find usage examples. If something is unclear, ask.

– nmr
Apr 13 at 10:16










1 Answer
1






active

oldest

votes


















2














To be honest, you should never use a PHP file as action attribute for a form in WordPress. WordPress already has API for this and you should use this instead. Why? Because it's always better if your app/site has only one entry point (or as few as possible).



And it's always a bad idea to direct any PHP requests directly to wp-content directory - such requests are very often blocked for security reasons.



So how to do this properly?



Use admin-post instead.



So in your form change this:



<form action="<SOME FILE>" ...


to this:



<form action="<?php echo esc_attr( admin_url( 'admin-post.php' ) ); ?>" ...

    <input type="hidden" name="action" value="myform" />


And later in your plugin, you have to register your actions callbacks:



add_action( 'admin_post_myform', 'prefix_admin_myform_callback' );

add_action( 'admin_post_nopriv_myform', 'prefix_admin_myform_callback' );





function prefix_admin_myform_callback() {

    status_header(200);

    die("Server received '{$_REQUEST['data']}' from your browser.");

    //request handlers should die() when they complete their task

}





share|improve this answer


























  • Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

    – icolumbro
    Apr 13 at 10:26











  • It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

    – Krzysiek Dróżdż
    Apr 13 at 10:28











  • Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

    – icolumbro
    Apr 13 at 10:58











  • @icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

    – Krzysiek Dróżdż
    Apr 13 at 11:00






  • 1





    I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

    – icolumbro
    Apr 13 at 11:10












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "110"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






icolumbro is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f334284%2fuse-a-php-file-as-action-for-a-form-in-a-wordpress-plugin-whats-the-correct-wa%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














To be honest, you should never use a PHP file as action attribute for a form in WordPress. WordPress already has API for this and you should use this instead. Why? Because it's always better if your app/site has only one entry point (or as few as possible).



And it's always a bad idea to direct any PHP requests directly to wp-content directory - such requests are very often blocked for security reasons.



So how to do this properly?



Use admin-post instead.



So in your form change this:



<form action="<SOME FILE>" ...


to this:



<form action="<?php echo esc_attr( admin_url( 'admin-post.php' ) ); ?>" ...

    <input type="hidden" name="action" value="myform" />


And later in your plugin, you have to register your actions callbacks:



add_action( 'admin_post_myform', 'prefix_admin_myform_callback' );

add_action( 'admin_post_nopriv_myform', 'prefix_admin_myform_callback' );





function prefix_admin_myform_callback() {

    status_header(200);

    die("Server received '{$_REQUEST['data']}' from your browser.");

    //request handlers should die() when they complete their task

}





share|improve this answer


























  • Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

    – icolumbro
    Apr 13 at 10:26











  • It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

    – Krzysiek Dróżdż
    Apr 13 at 10:28











  • Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

    – icolumbro
    Apr 13 at 10:58











  • @icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

    – Krzysiek Dróżdż
    Apr 13 at 11:00






  • 1





    I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

    – icolumbro
    Apr 13 at 11:10
















2














To be honest, you should never use a PHP file as action attribute for a form in WordPress. WordPress already has API for this and you should use this instead. Why? Because it's always better if your app/site has only one entry point (or as few as possible).



And it's always a bad idea to direct any PHP requests directly to wp-content directory - such requests are very often blocked for security reasons.



So how to do this properly?



Use admin-post instead.



So in your form change this:



<form action="<SOME FILE>" ...


to this:



<form action="<?php echo esc_attr( admin_url( 'admin-post.php' ) ); ?>" ...

    <input type="hidden" name="action" value="myform" />


And later in your plugin, you have to register your actions callbacks:



add_action( 'admin_post_myform', 'prefix_admin_myform_callback' );

add_action( 'admin_post_nopriv_myform', 'prefix_admin_myform_callback' );





function prefix_admin_myform_callback() {

    status_header(200);

    die("Server received '{$_REQUEST['data']}' from your browser.");

    //request handlers should die() when they complete their task

}





share|improve this answer


























  • Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

    – icolumbro
    Apr 13 at 10:26











  • It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

    – Krzysiek Dróżdż
    Apr 13 at 10:28











  • Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

    – icolumbro
    Apr 13 at 10:58











  • @icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

    – Krzysiek Dróżdż
    Apr 13 at 11:00






  • 1





    I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

    – icolumbro
    Apr 13 at 11:10














2












2








2







To be honest, you should never use a PHP file as action attribute for a form in WordPress. WordPress already has API for this and you should use this instead. Why? Because it's always better if your app/site has only one entry point (or as few as possible).



And it's always a bad idea to direct any PHP requests directly to wp-content directory - such requests are very often blocked for security reasons.



So how to do this properly?



Use admin-post instead.



So in your form change this:



<form action="<SOME FILE>" ...


to this:



<form action="<?php echo esc_attr( admin_url( 'admin-post.php' ) ); ?>" ...

    <input type="hidden" name="action" value="myform" />


And later in your plugin, you have to register your actions callbacks:



add_action( 'admin_post_myform', 'prefix_admin_myform_callback' );

add_action( 'admin_post_nopriv_myform', 'prefix_admin_myform_callback' );





function prefix_admin_myform_callback() {

    status_header(200);

    die("Server received '{$_REQUEST['data']}' from your browser.");

    //request handlers should die() when they complete their task

}





share|improve this answer















To be honest, you should never use a PHP file as action attribute for a form in WordPress. WordPress already has API for this and you should use this instead. Why? Because it's always better if your app/site has only one entry point (or as few as possible).



And it's always a bad idea to direct any PHP requests directly to wp-content directory - such requests are very often blocked for security reasons.



So how to do this properly?



Use admin-post instead.



So in your form change this:



<form action="<SOME FILE>" ...


to this:



<form action="<?php echo esc_attr( admin_url( 'admin-post.php' ) ); ?>" ...

    <input type="hidden" name="action" value="myform" />


And later in your plugin, you have to register your actions callbacks:



add_action( 'admin_post_myform', 'prefix_admin_myform_callback' );

add_action( 'admin_post_nopriv_myform', 'prefix_admin_myform_callback' );





function prefix_admin_myform_callback() {

    status_header(200);

    die("Server received '{$_REQUEST['data']}' from your browser.");

    //request handlers should die() when they complete their task

}






share|improve this answer














share|improve this answer



share|improve this answer








edited Apr 13 at 10:59

























answered Apr 13 at 10:15









Krzysiek DróżdżKrzysiek Dróżdż

18.6k73349




18.6k73349













  • Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

    – icolumbro
    Apr 13 at 10:26











  • It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

    – Krzysiek Dróżdż
    Apr 13 at 10:28











  • Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

    – icolumbro
    Apr 13 at 10:58











  • @icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

    – Krzysiek Dróżdż
    Apr 13 at 11:00






  • 1





    I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

    – icolumbro
    Apr 13 at 11:10



















  • Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

    – icolumbro
    Apr 13 at 10:26











  • It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

    – Krzysiek Dróżdż
    Apr 13 at 10:28











  • Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

    – icolumbro
    Apr 13 at 10:58











  • @icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

    – Krzysiek Dróżdż
    Apr 13 at 11:00






  • 1





    I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

    – icolumbro
    Apr 13 at 11:10

















Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

– icolumbro
Apr 13 at 10:26





Thank you, I'll try soon your solution but I have a doubt: what means "action"="myform" in hidden input field?

– icolumbro
Apr 13 at 10:26













It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

– Krzysiek Dróżdż
Apr 13 at 10:28





It tells WP, which action should it run to process this request. The "myform" part is then used to register your callbacks - admin_post_{action}

– Krzysiek Dróżdż
Apr 13 at 10:28













Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

– icolumbro
Apr 13 at 10:58





Yeah, I understand but is it correct to use "action" with double quotes as a name for a "not-standard" attribute?

– icolumbro
Apr 13 at 10:58













@icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

– Krzysiek Dróżdż
Apr 13 at 11:00





@icolumbro Aaaa... Sorry for that, it's just a typo - this happens when you write answer on mobile. I've already fixed this - sorry again :)

– Krzysiek Dróżdż
Apr 13 at 11:00




1




1





I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

– icolumbro
Apr 13 at 11:10





I figured it is a typo even reading the codex page but I preferred to ask you to be sure, thank you, now I try!

– icolumbro
Apr 13 at 11:10










icolumbro is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















icolumbro is a new contributor. Be nice, and check out our Code of Conduct.













icolumbro is a new contributor. Be nice, and check out our Code of Conduct.












icolumbro is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to WordPress Development Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwordpress.stackexchange.com%2fquestions%2f334284%2fuse-a-php-file-as-action-for-a-form-in-a-wordpress-plugin-whats-the-correct-wa%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Plaza Victoria

Image
Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l...
Read more

Brian Clough

Image
Brian Clough Datos personales Nombre completo Brian Howard Clough Apodo(s) Old Big 'Ead, Cloughie [ 1 ] ​ Nacimiento Middlesbrough, Inglaterra, Reino Unido 21 de marzo de 1935 Nacionalidad(es) Fallecimiento Derby, Reino Unido 20 de septiembre de 2004 (69 años) Altura 1,78 [ 1 ] ​ metros Carrera Deporte Fútbol Debut deportivo 1955 (Como jugador) 1965 (Como entrenador) (Middlesbrough F. C. (Como jugador) Hartlepool United F. C. (Como entrenador) ) Posición Delantero Goles en clubes 269 [ 2 ] ​ Retirada deportiva 1964 (Como jugador) 1993 (Como entrenador) (Sunderland A. F. C. (Como jugador) Nottingham Forest (Como entrenador) ) Carrera internacional Part. 2 [editar datos en Wikidata] Brian Howard Clough , OBE [ 3 ] ​ (Middlesbrough, Inglaterra, Reino Unido, 21 de marzo de 1935 – Derby, Inglaterra, Reino Unido, 20 de septiembre de 2004) fue un jugador y entrenador británico de fútbol. Es conocido por...
Read more

Cáceres

Image
Para otros usos de este término, véase Cáceres (desambiguación). Cáceres Municipio y ciudad Bandera Escudo Collage de Cáceres Cáceres Ubicación de Cáceres en España. Cáceres Ubicación de Cáceres en la provincia de Cáceres. País  España • Com. autónoma  Extremadura • Provincia  Cáceres • Partido judicial Cáceres Ubicación 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 Coordenadas: 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 • Altitud 457 [ 1 ] ​ msnm (mín.:211 [ 2 ] ​, máx.:708 [ 2 ] ​) Superficie 1750,33 km² Núcleos de población Cáceres Estación Arroyo-Malpartida Rincón de Ballesteros Valdesalor Fundación 34 a. C. Población 96 068 hab. (2018) • Densidad 54,8 hab./km² Gentilicio Cacereño/a [ 3 ] ​ Código postal 10001-10005, 10195 Alcaldesa (2015) María Elena Nevado del Campo [ 4 ] ​ Presupuesto 69.045.004€ [ 5 ] ​  (año ...
Read more