使用PHP将数据插入到表单提交的WordPress表中

时间:2015-04-16 22:08:07

标签: php database wordpress wordpress-plugin

我有一个包含一些字段的表单,以及一个与字段对应的wpdb表。我希望在表单上单击提交按钮时将表单中的数据提交到表中。

以下是表格:

function display_form(){
echo '
<form action="insertrow.php" method="post">
<p>Ticket id:  <br />
User id: <br /> 
Description: <textarea class="widget" rows="4" cols="1" 
name="ticket_description"></textarea>
Priority: <select name="ticket_priority" placeholder="Select">
<option value="critical">Critical</option>
<option value="urgent">Urgent</option>
<option value="important">Important</option>
<option value="standard" selected>Standard</option>
</select>
Status: <select name="ticket_status" placeholder="Select">
<option value="planned">Planned</option>
<option value="in progress">In Progress</option>
<option value="on hold">On Hold</option>
<option value="completed">Completed</option>
<option value="ready for invoice">Ready for Invoice</option>
<option value="to be invoiced as per attached">To be invoiced as per  
attached</option>
</select>
</p>
<input type="submit" name="submit" value="submit">
</form> 
';
}

表单调用insertrow.php文件:

if(isset($_POST['submit']))
{
insert_row();
}

function insert_row()
{
global $wpdb;
require_once('../../../wp-config.php');
$tablename =  'st_support_ticket';

$data = array( 
'ticket_id' => '1', 
'ticket_user_id' => '1', 
'ticket_description' => $_POST['ticket_description'] ,
'ticket_priority' => $_POST['ticket_priority'],
'ticket_status' => $_POST['ticket_status'] );

$wpdb->insert($tablename, $data);
}

只是试图让它在st_support_ticket表中输入描述,优先级和状态。

当我单击提交时,将url后缀更改为insertrow.php并显示空白页面。数据未输入表格(通过在phpmyadmin中打开来检查)。

我错过了什么吗?

1 个答案:

答案 0 :(得分:0)

这不是WordPress方式。有几个问题,但让我们从高层开始。

注意:此答案假定您正在使用前端,而不是在虚拟机主板上。

首先,您的表单标记不应指向特定文件。您应该修改表单以指回它所在的页面。执行此操作的懒惰(非理想)方法是将表单标记的“操作”保留为空。这将导致表单回发到它显示在同一页面/网址上:

<form method="post" action="">

然后,找到你的主题functions.php文件,或你的插件主文件,并“包含”insertrow.php文件:

require_once "insertrow.php;

然后,您需要稍微改变一下“观察”,这样它比“提交”更具有FAR的独特价值。由于您的表单包含名称为ticket_priority的选择,因此我建议您注意:

if(isset($_POST['ticket_priority']))
{
insert_row();
}

而且,如果你按照我建议的方式这样做,你将不必包含WP代码

// Comment the below line out.  Not necessary.
// require_once('../../../wp-config.php');

最后 - 在WP网站上,您希望利用现有的WordPress安全工具。使用NONCE输入是帮助确保表单合法发布而不是垃圾邮件的最低要求。请查看wp_nonce_fieldwp_verify_nonce

使用“WordPress方式”进行更多内联,您的代码看起来就像这样:

function display_form(){
    echo '
    <form action="" method="post">';
    // Add a nonce field
    wp_nonce_field('MyNonceAction', 'ticket_nonce');
    echo '
    <p>Ticket id:  <br />
    User id: <br /> 
    Description: <textarea class="widget" rows="4" cols="1" 
    name="ticket_description"></textarea>
    Priority: <select name="ticket_priority" placeholder="Select">
    <option value="critical">Critical</option>
    <option value="urgent">Urgent</option>
    <option value="important">Important</option>
    <option value="standard" selected>Standard</option>
    </select>
    Status: <select name="ticket_status" placeholder="Select">
    <option value="planned">Planned</option>
    <option value="in progress">In Progress</option>
    <option value="on hold">On Hold</option>
    <option value="completed">Completed</option>
    <option value="ready for invoice">Ready for Invoice</option>
    <option value="to be invoiced as per attached">To be invoiced as per  
    attached</option>
    </select>
    </p>
    <input type="submit" name="submit" value="submit">
    </form> 
    ';
}

以下代码包含在您的主题/插件核心文件中,而不是在独立文件中:

if(isset($_POST['ticket_priority']))
{
    // Debugging output, since you are having troubles finding the issue.
    // If this doesn't fire, then you've got a problem with the select name or this code isn't included in your theme / plugin.
    echo "SAVING ENTRY";
    // Get the nonce value for validation
    $nonce = $_POST['ticket_nonce'];
    // If the nonce does not verify, do NOT process the form.
    if ( ! wp_verify_nonce($nonce, 'MyNonceAction')) {
         // If this spits out an error, that means the nonce failed
         echo 'Security error. Do not process the form.';
         return;
    }

    insert_row();
}

function insert_row()
{

    // You should use the WP table prefixes, so let's set that up....
    global $wpdb, $table_prefix;
    $tablename =  $table_prefix . 'st_support_ticket';

    $data = array( 
    'ticket_id' => '1', 
    'ticket_user_id' => '1', 
    'ticket_description' => $_POST['ticket_description'] ,
    'ticket_priority' => $_POST['ticket_priority'],
    'ticket_status' => $_POST['ticket_status'] );

    // Debugging: Lets see what we're trying to save
    var_dump($data);

    // FOR database SQL injection security, set up the formats
    $formats = array( 
        '%d', // ticket_id should be an integer
        '%d', // ticket_user_id should be an integer
        '%s', // ticket_description should be a string
        '%s', // ticket_priority should be an string
        '%s'  // ticket_status should be an string 
    ); 

    // Debugging: Turn on error reporting for db to see if there's a database error
    $wpdb->show_errors();
    // Actually attempt to insert the data
    $wpdb->insert($tablename, $data, $formats);
}
相关问题
最新问题