How to Handle Form Submissions in WordPress with Admin-Post and Admin-Ajax


WordPress offers unbelievable assist for you to work with type submissions in your software. Whether you add a type in the admin or public going through areas, the built-in mechanism with the admin-post and admin-ajax scripts will enable you to deal with your type requests effectively.

In this text, I’ll present you the way to deal with customized type submissions utilizing the WordPress API. I’ll stroll you thru the method of including a customized type in the admin space of a plugin, deal with the shape submission by way of an HTML in addition to an AJAX request, and write the shape handler in PHP to validate, sanitize and course of the shape enter.

While I’ll keep throughout the admin realms of WordPress, the identical ideas are relevant whereas working with kinds in the general public going through areas.

I’ll even be making use of object-oriented programming constructs for the plugin; nonetheless, you possibly can obtain the identical end result utilizing procedural code as nicely. The follow plugin could be downloaded from here to comply with alongside with the article.

Note: This article is meant for intermediate-advanced WordPress builders. It assumes that you’ve a working information of HTML, JavaScript, jQuery, PHP and the WordPress Plugin API. If you’d like a refresher, I like to recommend that you simply learn by way of the next:

Let’s get began by first understanding the built-in WordPress mechanism to deal with a daily type submit request.

Form Submissions with admin-post.php in WordPress

The gamut of hooks obtainable in WordPress offers you nice management over the stream of execution of your software. This is not any totally different when it comes to processing kinds. All you want is the proper hook to ‘hook into’ and add the customized type handler. The hooks for processing customized kinds are dynamic in nature, that means that the title of the hook partly is dependent upon you.

To course of submissions associated to your type solely, you want finer management as proven beneath:

WordPress form submission with admin-post.php
WordPress type submission with admin-post.php

This is completed by pointing the shape submission to the admin-post.php file positioned in the wp-admin listing of WordPress, and together with a customized title for the motion in the shape. On doing so, WordPress will set off two motion hooks primarily based on the logged in standing of the person:

  • admin_post_{$motion} for logged in customers
  • admin_post_nopriv_{$motion} for non-logged in customers

Where $motion is the title of the motion that was handed by way of the shape.

You can then use add_action to tie the PHP type handler to the triggered hooks, the place you’ll have full management to course of the shape knowledge with the $_GET and $_POST variables.

As you could have guessed already, regardless of its title, admin-post.php can deal with POST and GET requests in addition to requests for admin and non-admin areas of the appliance.

Let’s discover this with the assistance of a customized plugin.

The Object-Oriented Plugin Structure

My aim right here is to allow you to perceive every part that goes behind processing customized kinds in WordPress with and with out AJAX. For this text, I’ve ready a customized plugin that you may download from here to comply with alongside. I like to recommend that you’ve it open in an appropriate editor and set up it on a neighborhood WordPress setup solely.

I constructed the plugin utilizing object-oriented programming practices with the assistance of a plugin boilerplate. Boilerplate Starting Points are among the many many finest practices listed in the WordPress Plugin Handbook. They’re an effective way to guarantee consistency throughout your plugins, and prevent quite a lot of time writing normal code. Over a interval, chances are you’ll even find yourself writing your personal customized boilerplate primarily based in your coding preferences. That’s what I did.

The plugin is predicated on my own plugin template which is a fork of the unique WordPress Plugin Boilerplate undertaking. It’s related to the unique undertaking in many facets but additionally has assist for namespaces and autoloading. This method I don’t want to have distinctive prefixes for each class or operate, and don’t find yourself with quite a lot of embrace and require statements. However, the minimal required PHP model for my plugin is 5.6.0.

Note: If you don’t use namespaces or use procedural code you have to prefix every part.

Here’s how the plugin is structured in the backend:

  • inc/core/* – core performance of the plugin
  • inc/admin/* – performance associated with the admin space
  • inc/frontend/* – performance associated with the general public going through areas
  • inc/frequent/* – performance shared between the admin and the frontend
oop-based-plugin structure
Plugin construction in the backend

The plugin has a top-level admin menu with two menu objects for the shape pages.

admin menu structure of the plugin
Admin menu construction of the plugin

To see how I added the admin menu pages, check out the define_admin_hooks() technique in inc/core/class-init.php and the add_plugin_admin_menu() technique in the inc/admin/class-admin.php of the plugin.

If you’d like to know extra about including admin pages to your plugin, take a look at our article about creating WordPress admin pages here.

Adding the Form to the Admin Page of the Plugin

When I added the “HTML Form Submit” menu web page for the plugin, I had to additionally specify the callback to load the web page content material. This is the place the shape is added.

However, as an alternative of straight writing the HTML in the html_form_page_content technique, I used one other file partials-html-form-view.phppositioned in inc/admin/views for the shape HTML and loaded it in the callback as proven beneath:

This is solely a coding choice. It permits me to preserve my code readable by separating the HTML, and makes no distinction to the output of the shape on the plugin web page.

plugin admin page with html form
HTML Form in the admin web page of the plugin

Understanding Form Security, Structure, and Submission

The type that was added above has a choose area with a drop-down record of current WordPress customers and two textual content fields for person enter. However, this easy instance has so much occurring behind the scenes. The type code beneath is self-explanatory, so let’s stroll by way of the essential parts:

Form Security

The most essential factor to preserve in thoughts when dealing with kinds in the admin space of WordPress is safety. Secure your type utilizing a mix of each WordPress Nonces and current_user_can( $functionality ). In my instance, I’ve restricted entry to the shape with if( current_user_can( 'edit_users' ) ), i.e. the shape will likely be loaded provided that the logged in person has the edit_users functionality.

I additionally generated a customized nonce through the use of wp_create_nonce() and then added it as a hidden type area. You can as an alternative use wp_nonce_field() to add it straight. Here’s a great article to perceive Nonces in element.

Form Structure

I’ve prefixed all type parts with the plugin title to guarantee uniqueness. This is once more a private coding choice, as I could be certain of concentrating on solely my type parts by way of JavaScript. I’ve additionally used the HTML5 required attribute to go away type validation to the browser.

plugin form inspect view in chrome
Inspecting the admin type

Form Submission

The type submission is made to the admin-post.php utilizing the admin_url( 'admin-post.php' ) operate reasonably than hardcoding the URL. When WordPress receives the shape, it would search for the worth of the motion area to set off the shape hooks. In my case, it would generate the admin_post_nds_form_response hook. Had it been a web page open to the general public view, it will have triggered the admin_post_nopriv_nds_form_response hook.

The Form Handler for the POST request

At this stage, for those who submit the shape, you’ll be redirected to an empty web page with the web page URL set to the admin-post.php. This is as a result of there is no such thing as a type handler to course of the request but. To course of the request, I registered my customized handler the_form_response in the define_admin_hooks() technique of class-init.php like this: $this->loader->add_action( 'admin_post_nds_form_response', $plugin_admin, 'the_form_response');

If you had been utilizing procedural code you’ll merely do add_action( 'admin_post_nds_form_response', 'the_form_response');

the_form_response() is the place I’ll have full entry to the shape knowledge by way of the $_POST or $_GET superglobals. As proven beneath, I added a breakpoint to the callback in my IDE to be sure that the hook would work as anticipated.

pausing php script execution
Inspecting type enter with XDebug

Form Validation and Input Sanitization

Before performing any operations, you have to validate the nonce and sanitize the person enter correctly. I made use of the wp_verify_nonce( $nonce_name, $nonce_action ) operate to confirm the nonce, and sanitize_key() and sanitize_text_field() capabilities to sanitize the person enter obtainable in the $_POST variable. If the nonce verification fails, the person will get an error message because the server response, utilizing the wp_die() WordPress operate.

Note: I accessed the shape knowledge utilizing the $_POST variable. Had I submitted the shape utilizing the get technique, I’d as an alternative make use of the $_GET or $_REQUEST world variable.

Only once I’m certain that every part is in order, would I carry out a WordPress operation like including the user-meta to the chosen person.

To know extra about enter sanitization, I like to recommend that you simply learn by way of the WordPress Codex: Validating Sanitizing and Escaping User Data here.

Submitting the Server Response

After performing the server operations, it’s essential to ship the server response again to the person. To do that, you’ll first want to redirect the person again to an admin web page or one that gives some suggestions. I redirected the person again to the plugin web page and used WordPress admin notices to show the server suggestions. The server response in my instance merely outputs the $_POST variable as a WordPress admin discover.

form post server response
Server response from the shape handler

Progressive Enhancement

At this stage, I’ve a completely useful type in the admin space of my WordPress plugin. It’s safe and submits correctly to my type handler, the place the enter knowledge is sanitized and lastly, the server response is seen. The type will work out of the field in all browsers which have assist for HTML5. But there’s so much I can do to enhance the person expertise comparable to including AJAX assist.

This strategy of building a primary stage of person expertise that’s obtainable in all browsers, and then including superior performance for browsers that assist it’s known as Progressive Enhancement.

Note: I’ve made the belief that my customers use fashionable browsers with HTML5 assist. However, if the shape had to be rendered on an older browser, the built-in HTML5 enter validation for required fields would break. Can I Use is a good web site that you should utilize to evaluate internet options which are obtainable throughout browsers and browser variations.

Form Submissions with AJAX (admin-ajax.php) in WordPress

AJAX in WordPress is dealt with by way of the wp-admin/admin-ajax.php file. Here’s an outline of how customized kinds could be processed by way of AJAX in WordPress:

form support with ajax
Form submission with AJAX assist in WordPress

You’ll discover that it’s fairly related to how kinds are processed utilizing admin-post.php. When WordPress receives an AJAX request it would create two hooks primarily based on the provided motion:

  • wp_ajax_{$motion} for logged in customers
  • wp_ajax_nopriv_{$motion} for non-logged in customers

Where $motion is the title of the motion that was handed.

Adding AJAX Support to the Plugin Form

The second menu web page of the plugin “Ajax Form Submit” masses the shape that’s submitted by way of an AJAX request. It’s added to the menu web page in the identical method as mentioned earlier, and makes use of the partials-ajax-form-view.php file to load the shape content material. If you take a look at this file, you’ll discover that it’s practically equivalent to the sooner type with the one variations being the worth of the shape id attribute and the title. Now that I can determine one type from the opposite, I can course of simply the second type by way of AJAX utilizing JavaScript.

To add AJAX assist, I carried out the next steps:

  • Enqueued a JavaScript file to load the jQuery
  • Used jQuery submit occasion handler to forestall the traditional type submission
  • Used jQuery.ajax() to submit the shape to admin-ajax.php as an alternative of admin-post.php

Note: If for some purpose JavaScript is disabled in the browser, jQuery or AJAX will likely be unavailable too, however the type will nonetheless submit usually. This is as a result of I left the shape submission URL as admin-post.php in the shape HTML.

Using JavaScript and jQuery to Post the Form

Here’s the JavaScript that I used to submit the shape by way of AJAX.

occasion.preventDefault(); is what truly prevents the traditional type submission.

I gathered the shape knowledge utilizing jQuery’s serialize() function however there are a lot of different methods to do that. One of them is using HTML5’s FormData interface. It’s past the scope of this text however it’s positively price .

var ajax_form_data = $("#nds_add_user_meta_ajax_form").serialize();

I additionally added further URL parameters to the serialized knowledge, so I can distinguish between an AJAX and a daily request in the PHP type handler later.

ajax_form_data = ajax_form_data+'&ajaxrequest=true&submit=Submit+Form';

Typically, the X-Requested-With HTTP header is mechanically set to XMLHttpRequest by the AJAX library. This will also be used to determine an AJAX request however it’s not all the time dependable.

The ajax() technique of jQuery will submit the request to the server.

To get the shape to submit to admin-ajax.php, I used an array params.ajaxurl that was handed in from PHP utilizing wp_localize_script.

Note: The type knowledge in my instance contains the motion that WordPress will use to generate the hooks for the AJAX request. The following hooks will likely be triggered by WordPress:

  • wp_ajax_nds_form_response for logged in customers
  • wp_ajax_nopriv_nds_form_response for non-logged in customers

The JavaScript file is enqueued in the enqueue_scripts() technique of class-admin.php as beneath:

The ajaxurl Global Variable

You can even use a world JavaScript variable ajaxurl as an alternative of passing the URL for admin-ajax.php from PHP. However, the variable is offered solely when dealing with the admin finish and is unavailable when dealing with AJAX on the frontend.

Depending on the response from the server, the AJAX promise callbacks .performed() and .fail() will execute accordingly. In my instance, for a profitable request, I’ve added the response to the empty div container #nds_form_feedback that was a part of my type HTML. Finally, the fields are cleared by reseting the shape.

The Form Handler for the AJAX Request

I’ve connected the identical type handler the_form_response to the AJAX request as nicely.

And in the shape handler, I used $_POST['ajaxrequest'] that was set manually in the JavaScript to distinguish between a traditional and AJAX request.

pausing script execution to verify ajax
Validating the AJAX request utilizing a breakpoint

That’s it. With AJAX, the response is displayed with out the web page being reloaded or redirected.

If JavaScript was disabled or didn’t load for some purpose, $_POST['ajaxrequest'] wouldn’t be legitimate, and the shape would submit usually by skipping the AJAX particular if( isset( $_POST['ajaxrequest'] ) && $_POST['ajaxrequest'] === 'true' ) code block.

You can definitely do much more to enhance the person expertise, and I like to recommend you learn by way of the jQuery API documentation for AJAX here.

Additional Resources

We’ve lined quite a lot of floor right here. AJAX is a reasonably huge subject and is applied in a number of methods. Here are some extra examples of utilizing AJAX in WordPress:


Source link