Hello,
Although I’ve only done this with Plugins I don’t see why it would be different with a Theme. Best way in my opinion would be sending your data over an ajax call.
You can find more information here: https://codex.ww.wp.xz.cn/AJAX_in_Plugins
Instead of going back and forth and redirecting the user all the time, it’s just a response and redirect accordingly if that’s the case. Like a normal simple ajax call.
Make sure to sanitize your data from your forms though to be safe & sound.
Best regards,
Konstantinos
On the public-facing side, AJAX is not always the best idea. That’s because there’s a lot of people that brose with JavaScript either restricted or totally disabled. That breaks anything that you want to do is AJAX, and you’ll never know.
As for the location to submit the form to, there’s a couple of options…
First, you can do it as you’ve already suggested, sending them to the dedicated processing script. The good part about this is that you know where that is, and everything works under that one URL. The bad part about this is that you need to make sure that your script is secure, because as soon as it’s recognsied as a form submit script by bots out there, it will be targeted hard and fast.
The other option that I’ve seen is to submit the form to teh page that it’s on, and do the processing of it before outputting the forms results. Most times that I’ve seen this it’s been done for “simple” contact forms where not a lot needs to happen really, but it will still work with any form. It can be slightly better because there’s no single submit URL for everything, so it seems a bit more “expanded” to bots and hackers.
Thread Starter
dllive
(@dllive)
Thanks guys.
I think Ill go down the dedicated processing script route. Ive made a start on this and found that if I include wp_load.php in the head of my code I have access to all the WP functions. (this is really useful!).
Ive also got some session code in place so that – if the user isnt logged in – they are booted out – so hopefully that will stop any spam bots attacking the forms.
Ive just run into another problem – which is related but slightly different: Within my WordPress template I need to access my own database. Very simple, I just need to pull out all the fields in a row where the id of the row equals the page id. How would I do this?
Many thanks for your assistance! 🙂
You should get all post fields in the WP_Post object, which is returned by get_post(). You can also directly access DB data by using wpdb class methods. This class has an instance in the global $wpdb.
“…I include wp_load.php in the head of my code I have access to all the WP functions.”
Nice huh? You maybe saw that WP did this and tried it yourself? Clever! Unfortunately, initiating the WP environment that way in theme and plugin code is Doing it Wrong™. For any WP environment, plugins and themes cannot know the proper path to wp-load.php because plugins and themes can be moved around in the folder structure. If you want your code to be compatible with other WP installations, you cannot do it that way. The only proper ways to initiate the enviornment is to code through a custom page template or by sending requests through admin-ajax.php or admin-post.php.
Of course, for your own site, you can do whatever you like. Just know that you’re technically doing it wrong 😉
Thread Starter
dllive
(@dllive)
Haha – thanks bcworkz. As long as Im doing it “technically wrong” and not just “wrong” Im happy with that. 🙂
