Handling Form Submission

After creating a form, you need to handle the form submission. In WordPress, you can use the admin-post.php file to handle the form submission. If you haven’t created a form yet, you can check out the Creating Form tutorial.

Create Form Handler File

For the separation of concerns, you should create a separate file to handle the form submission. For example, you can create a file named form-handler.php in the themes/<theme_name>/inc/ directory. The form-handler.php file will handle the form submission.

file structure:

Directorythemes/
- Directorytheme_name/
  - Directoryinc/
    form-handler.php

Add Form Handler File to functions.php

After creating the form-handler.php file, you need to add the file to the functions.php file. You can add the file using the require_once function.

require_once get_template_directory() . '/inc/form-handler.php';

Handle Form Submission

Now, you need to handle the form submission. To handle the form submission, you need to add the following code to the form-handler.php file.

<?php
/**
 * Handle form submission.
 */

add_action( 'admin_post_nopriv_contact_form_submission', 'handle_contact_form_submission' );
add_action( 'admin_post_contact_form_submission', 'handle_contact_form_submission' );

function handle_contact_form_submission() {
    // Check if the nonce is set.
    if ( isset( $_POST['contact_form_nonce'] ) && wp_verify_nonce( $_POST['contact_form_nonce'], 'contact_form_action' ) ) {
        
        // Check if the name is set.
        if ( isset( $_POST['name'] ) ) {
            $name = sanitize_text_field( $_POST['name'] );
        }

        // Check if the email is set.
        if ( isset( $_POST['email'] ) ) {
            $email = sanitize_email( $_POST['email'] );
        }

        // Check if the name and email is set.
        if ( isset( $name ) && isset( $email ) ) {

            // Validate Google reCAPTCHA
            $recaptcha_response = $_POST['g-recaptcha-response'];
            $recaptcha_secret = 'YOUR_RECAPTCHA_SECRET_KEY';
            $recaptcha_verify = wp_safe_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=6LezqOMnAAAAAFLcXYKpO0KKnhhvybmh1l-ZmGez&response=$recaptcha_response");
            $recaptcha_data = json_decode($recaptcha_verify['body']);

            if ($recaptcha_data->success) {
                // CAPTCHA validation passed
                // Handle file upload if needed
                
                // Send email or save data to database

            wp_safe_redirect($_SERVER['HTTP_REFERER']);
            } else {
                // CAPTCHA validation failed
                echo "reCAPTCHA verification failed. Please try again.";
            }
        }
        else{
            wp_safe_redirect($_SERVER['HTTP_REFERER']);
            echo "Please fill all the required fields.";
        }

     
    }
}

Let’s understand the code.

Add Action Hook

First, you need to add an action hook to handle the form submission. The action hook is used to trigger the function when the form is submitted. The admin_post_nopriv_{$action} action hook is used to handle the form submission for non-logged in users. The admin_post_{$action} action hook is used to handle the form submission for logged in users. The {$action} is the action name that you have added to the form.

add_action( 'admin_post_nopriv_contact_form_submission', 'handle_contact_form_submission' );
add_action( 'admin_post_contact_form_submission', 'handle_contact_form_submission' );

Check Nonce

After adding the action hook, you need to check if the nonce is set. The nonce is used to verify that the form submission is valid. The wp_verify_nonce() function is used to verify the nonce. The first parameter is the nonce value, and the second parameter is the nonce name.

// Check if the nonce is set.
if ( isset( $_POST['contact_form_nonce'] ) && wp_verify_nonce( $_POST['contact_form_nonce'], 'contact_form_action' ) ) {
    // Do something.
}

Sanitize Form Data

After verifying the nonce, you need to sanitize the form data. The sanitize_text_field() function is used to sanitize the text field. The sanitize_email() function is used to sanitize the email field.

// Check if the name is set.
if ( isset( $_POST['name'] ) ) {
    $name = sanitize_text_field( $_POST['name'] );
}

// Check if the email is set.
if ( isset( $_POST['email'] ) ) {
    $email = sanitize_email( $_POST['email'] );
}

Verify Google reCAPTCHA

After sanitizing the form data, you need to verify the Google reCAPTCHA. The Google reCAPTCHA is used to prevent spam form submission. You can learn more about Google reCAPTCHA from here. You can also check out the Google reCAPTCHA tutorial.

    $recaptcha_response = $_POST['g-recaptcha-response'];
    $recaptcha_secret = 'RECAPTCHA_SECRET_KEY';
    $recaptcha_verify = wp_safe_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=6LezqOMnAAAAAFLcXYKpO0KKnhhvybmh1l-ZmGeresponse=$recaptcha_response");
    $recaptcha_data = json_decode($recaptcha_verify['body'])
    if ($recaptcha_data->success) {
        // CAPTCHA validation passed
        // Handle file upload if needed
        
        // Send email or save data to databas
    wp_safe_redirect($_SERVER['HTTP_REFERER']);
    } else {
        // CAPTCHA validation failed
        echo "reCAPTCHA verification failed. Please try again.";
    }

Conclusion

In this tutorial, you have learned how to handle form submission in WordPress. You have also learned how to create a form handler file and add the file to the functions.php file. You have also learned how to handle the form submission using the admin-post.php file.

Worpress

Getting Started

Theme Setup

Sanitization

Form

Reference

Quality Assurance

Code Snippets

AMC Guide

Laravel

Best Practices