The latest articles on DEV Community by jrdev (@jrdev). https://dev.to/jrdev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F358899%2Fa75fe113-1dcf-430b-94dc-f12a700ac855.jpg https://dev.to/jrdev en jrdev Sat, 11 Feb 2023 04:44:48 +0000 https://dev.to/jrdev/whats-insecure-buggy-and-poorly-designed-in-the-following-wordpress-code-3f96 https://dev.to/jrdev/whats-insecure-buggy-and-poorly-designed-in-the-following-wordpress-code-3f96 <p>this is a simple function to handle a number of applicants who were expected to submit their names, emails, and photos.<br> the following is html form and wordpress function.<br> but the team manager metioned me that code is insecure, buggy, and poorly designed.</p> <p>please let me know how to improve my code for security and wordpress WordPress Coding standards </p> <p><strong>Html Code</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">id=</span><span class="s">"form"</span> <span class="na">method=</span><span class="s">"post"</span> <span class="na">action=</span><span class="s">"#"</span> <span class="na">enctype=</span><span class="s">"multipart/form-data"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">name=</span><span class="s">"name"</span> <span class="na">id=</span><span class="s">"name"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"email"</span> <span class="na">name=</span><span class="s">"email"</span> <span class="na">id=</span><span class="s">"email"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">id=</span><span class="s">"submit"</span> <span class="na">name=</span><span class="s">"submit"</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">value=</span><span class="s">"Upload"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"file"</span> <span class="na">name=</span><span class="s">"doc_file"</span> <span class="na">id=</span><span class="s">"doc_file"</span> <span class="na">multiple=</span><span class="s">"false"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre> </div> <p><strong>Wordpress Code</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">saveData</span><span class="p">(){</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nv">$_POST</span><span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="k">global</span> <span class="nv">$wpdb</span><span class="p">;</span> <span class="k">require_once</span><span class="p">(</span> <span class="no">ABSPATH</span> <span class="mf">.</span> <span class="s1">'wp-admin/includes/image.php'</span> <span class="p">);</span> <span class="k">require_once</span><span class="p">(</span> <span class="no">ABSPATH</span> <span class="mf">.</span> <span class="s1">'wp-admin/includes/file.php'</span> <span class="p">);</span> <span class="k">require_once</span><span class="p">(</span> <span class="no">ABSPATH</span> <span class="mf">.</span> <span class="s1">'wp-admin/includes/media.php'</span> <span class="p">);</span> <span class="nv">$d</span> <span class="o">=</span> <span class="nf">media_handle_upload</span><span class="p">(</span> <span class="s1">'doc_file'</span><span class="p">,</span> <span class="mi">0</span> <span class="p">);</span> <span class="nv">$r</span> <span class="o">=</span> <span class="nf">wp_get_attachment_url</span><span class="p">(</span><span class="nv">$d</span><span class="p">);</span> <span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="nf">insert</span><span class="p">(</span> <span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="n">prefix</span> <span class="mf">.</span> <span class="s1">'applicants_table'</span><span class="p">,</span> <span class="k">array</span><span class="p">(</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'full_name'</span><span class="p">],</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'email'</span><span class="p">],</span> <span class="s1">'doc_file'</span> <span class="o">=&gt;</span> <span class="nv">$r</span> <span class="p">)</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span> <span class="nf">is_wp_error</span><span class="p">(</span> <span class="nv">$d</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="nf">wp_die</span><span class="p">(</span> <span class="s1">'Something went horribly wrong. Please try again.'</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">wp_die</span><span class="p">(</span> <span class="s1">'Something went horribly wrong. Please try again.'</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> api howto webdev coding