This is a simple function to handle a number of applicants who were expected to submit their names, emails, and photos.
The following is the HTML form and the WordPress function.
But the team manager mentioned to me that the code is insecure, buggy, and poorly designed.
Please let me know how to improve my code for security and the WordPress Coding Standards.
HTML Code

```html
<form id="form" method="post" action="#" enctype="multipart/form-data">
    <input type="text" name="name" id="name">
    <input type="email" name="email" id="email">
    <input id="submit" name="submit" type="submit" value="Upload" />
    <input type="file" name="doc_file" id="doc_file" multiple="false" />
</form>
```
WordPress Code

```php
function saveData(){
    if (
        !empty($_POST)
    ) {
        global $wpdb;
        require_once( ABSPATH . 'wp-admin/includes/image.php' );
        require_once( ABSPATH . 'wp-admin/includes/file.php' );
        require_once( ABSPATH . 'wp-admin/includes/media.php' );
        $d = media_handle_upload( 'doc_file', 0 );
        $r = wp_get_attachment_url($d);
        $wpdb->insert(
            $wpdb->prefix . 'applicants_table',
            array(
                'name' => $_POST['full_name'],
                'email' => $_POST['email'],
                'doc_file' => $r
            )
        );
        if ( is_wp_error( $d ) ) {
            wp_die( 'Something went horribly wrong. Please try again.' );
        }
    } else {
        wp_die( 'Something went horribly wrong. Please try again.' );
    }
}
```
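
Added example, not part of the original post: one way the handler above could be hardened, with a nonce check, sanitized and validated input, the upload checked before the database insert, and an image-only MIME allowlist. It assumes the form posts to `admin-post.php` with a hidden `action` field set to `myplugin_save_applicant`, prints a nonce with `wp_nonce_field( 'myplugin_save_applicant', 'myplugin_nonce' )`, and names the text input `full_name` to match the handler; the `myplugin_` names are hypothetical.

```php
<?php
// Added example: hardened handler. The names myplugin_save_applicant,
// myplugin_nonce and the 'myplugin' text domain are hypothetical.
add_action( 'admin_post_nopriv_myplugin_save_applicant', 'myplugin_save_applicant' );
add_action( 'admin_post_myplugin_save_applicant', 'myplugin_save_applicant' );

function myplugin_save_applicant() {
    global $wpdb;

    // Reject requests that do not carry the nonce printed in the form.
    $nonce = isset( $_POST['myplugin_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save_applicant' ) ) {
        wp_die( esc_html__( 'Invalid request.', 'myplugin' ), '', array( 'response' => 403 ) );
    }

    // Sanitize and validate the text input before it is used anywhere.
    $name  = isset( $_POST['full_name'] ) ? sanitize_text_field( wp_unslash( $_POST['full_name'] ) ) : '';
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( '' === $name || ! is_email( $email ) || empty( $_FILES['doc_file']['name'] ) ) {
        wp_die( esc_html__( 'Name, a valid email and a photo are required.', 'myplugin' ), '', array( 'response' => 400 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';

    // Accept only the image types this form expects (assumed: JPEG and PNG).
    $overrides     = array(
        'test_form' => false,
        'mimes'     => array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png' ),
    );
    $attachment_id = media_handle_upload( 'doc_file', 0, array(), $overrides );
    if ( is_wp_error( $attachment_id ) ) {
        wp_die( esc_html( $attachment_id->get_error_message() ), '', array( 'response' => 400 ) );
    }

    // Insert only after the upload succeeded; declare a format per column.
    $inserted = $wpdb->insert(
        $wpdb->prefix . 'applicants_table',
        array( 'name' => $name, 'email' => $email, 'doc_file' => wp_get_attachment_url( $attachment_id ) ),
        array( '%s', '%s', '%s' )
    );
    if ( false === $inserted ) {
        wp_delete_attachment( $attachment_id, true ); // Do not leave an orphaned file behind.
        wp_die( esc_html__( 'Could not save the application.', 'myplugin' ), '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
```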