• Resolved abufoysal

    (@abufoysal)


    I have a Form in my Admin Panel like below.

    <form method="post" name="newAddress" id="createuser" class="validate" novalidate="novalidate" action="<?php echo WP_PLUGIN_URL . '/CRUD/form.php' ?>">
        
    
        <input type="hidden" name="action" value="nds_form_response">
        <input type="hidden" name="nds_add_user_meta_nonce" value="<?php echo $nds_add_meta_nonce ?>" />
    
        <table class="form-table" role="presentation">
          <tr class="form-field form-required">
            <th scope="row">
              <label for="name">
                <?php 
                  _e( 'Name' ); 
                ?>
              </label>
            </th>
            <td>
              <input name="name" type="text" id="name" value="" aria-required="true" autocapitalize="none" autocorrect="off" maxlength="60" />
            </td>
          </tr>
          <tr class="form-field form-required">
            <th scope="row">
              <label for="email">
                <?php 
                  _e( 'Email' ); 
                ?>
              </label>
            </th>
            <td>
              <input name="email" type="email" id="email" value="" />
            </td>
          </tr>
          <tr class="form-field">
            <th scope="row">
              <label for="phone_no">
                <?php _e( 'Phone No' ); ?> 
              </label>
            </th>
            <td>
              <input name="phone_no" type="text" id="phone_no" value="" />
            </td>
          </tr>
          <tr class="form-field">
            <th scope="row">
              <label for="address">
                <?php _e( 'Address' ); ?> 
              </label>
            </th>
            <td>
              <input name="address" type="text" id="address" value="" />
            </td>
          </tr>
          <tr class="form-field">
            <th scope="row">
              <label for="photo">
                <?php _e( 'Photo' ); ?>
              </label>
            </th>
            <td>
              <input name="photo" type="text" id="photo" class="code" value="" />
            </td>
          </tr>
        </table>
        <?php submit_button( __( 'Add New Address' ), 'primary', 'addnewaddress', true, array( 'id' => 'addnewaddress' ) ); ?>
      </form>

    How can I submit the form? I would like to insert the values into the database.

Viewing 4 replies - 1 through 4 (of 4 total)
  • kushwahpooja

    (@kushwahpooja)

    Use action path:
    <form action="<?php echo admin_url( 'admin-post.php' ); ?>" method="post">
    Add action field:
    <input type="hidden" name="action" value="esol_allinone_export_action">
    Create action function and put your code:

    add_action( 'admin_post_esol_allinone_export_action', 'esol_allinone_export_action_csv' );
    function esol_allinone_export_action_csv(){}
    • This reply was modified 5 years ago by bcworkz. Reason: code fixed
    Moderator bcworkz

    (@bcworkz)

    Hi @kushwahpooja – thanks for the suggestion, the use of admin-post.php isn’t very well known even though it is so useful for things like this.

    To the point, please demarcate code you post in these forums with backticks, or use the code button. If you don’t, the forum’s parser corrupts your code, rendering it unusable. We wouldn’t want your thoughtful reply to cause further confusion! I fixed up your reply so its code does not cause syntax errors when copy/pasted.

    abufoysal – that is the very basics of handling form submissions, but you mustn’t neglect to implement adequate security. It’s OK to put this off when developing, but it must be in place for production. Your form should include a nonce hidden field that is verified in your PHP handler. Checking that the referring page is correct is a good idea. Also verify the current user is logged in and has adequate role and capability to alter the DB. All submitted form values must be validated and sanitized.

    Thread Starter abufoysal

    (@abufoysal)

    Thanks @bcworkz. Your solution is working. I was fighting with it for a week. Thanks.

    Moderator bcworkz

    (@bcworkz)

    No problem. BTW, I just recently came across a discussion that decided that checking the referrer is not productive as long as a nonce check is performed because the referrer value can be spoofed and is thus unreliable. IMO it doesn’t hurt to check anyway since not all attackers are all that sophisticated, but then I cannot see how anyone could get past a nonce check without fetching the form, so perhaps it isn’t productive.

    Do check a nonce and user capability though, that much is not in question.
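
A handler for the form in the question that applies the checks listed in the replies above (nonce, capability, validation and sanitization). This is an added example, not code from the thread. It assumes the form posts to `admin-post.php`, that the nonce was created with `wp_create_nonce( 'nds_add_user_meta_form_nonce' )`, and it uses a hypothetical table, capability and menu slug.

```php
<?php
// Added example, not code from the thread. Assumed/hypothetical names:
//   nonce action 'nds_add_user_meta_form_nonce', table '{prefix}nds_addresses'
//   (columns named like the form fields), capability 'manage_options',
//   menu slug 'nds-addresses'.

// admin_post_{action} fires only for logged-in users. No admin_post_nopriv_
// hook is registered, so anonymous requests never reach the handler.
add_action( 'admin_post_nds_form_response', 'nds_handle_form_response' );

function nds_handle_form_response() {
    // 1. CSRF: verify the hidden nds_add_user_meta_nonce field; dies on failure.
    check_admin_referer( 'nds_add_user_meta_form_nonce', 'nds_add_user_meta_nonce' );

    // 2. Authorization: a valid nonce does not prove the user may write to the DB.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to add addresses.', '', array( 'response' => 403 ) );
    }

    // 3. Sanitize: wp_unslash() removes the slashes WordPress adds to $_POST.
    $text = function ( $key ) {
        return isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : '';
    };
    $row = array(
        'name'     => $text( 'name' ),
        'email'    => sanitize_email( $text( 'email' ) ),
        'phone_no' => $text( 'phone_no' ),
        'address'  => $text( 'address' ),
        'photo'    => esc_url_raw( $text( 'photo' ) ), // assumption: photo holds a URL
    );

    // 4. Validate: name and email are marked required; maxlength is client-side only.
    $error = '';
    if ( '' === $row['name'] || mb_strlen( $row['name'] ) > 60 ) {
        $error = 'name';
    } elseif ( ! is_email( $row['email'] ) ) {
        $error = 'email';
    }

    if ( '' === $error ) {
        global $wpdb;
        // 5. $wpdb->insert() builds a prepared query; each value is bound as a string.
        $ok    = $wpdb->insert( $wpdb->prefix . 'nds_addresses', $row, array( '%s', '%s', '%s', '%s', '%s' ) );
        $error = ( false === $ok ) ? 'db' : '';
    }

    // 6. Redirect back so a page reload does not resubmit the form.
    $back = admin_url( 'admin.php?page=nds-addresses' );
    wp_safe_redirect( add_query_arg( 'nds_result', '' === $error ? 'saved' : $error, $back ) );
    exit;
}
```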

  • The topic ‘Form Submission in Admin Panel’ is closed to new replies.