What’s insecure, buggy, and poorly designed in the following WordPress code?
-
This is a simple function to handle a number of applicants who were expected to submit their names, emails, and photos.
The following is the HTML form and the WordPress function.
But the team manager mentioned to me that the code is insecure, buggy, and poorly designed. Please let me know how to improve my code for security and the WordPress Coding Standards.
HTML Code

<form id="form" method="post" action="#" enctype="multipart/form-data">
    <input type="text" name="name" id="name">
    <input type="email" name="email" id="email">
    <input id="submit" name="submit" type="submit" value="Upload" />
    <input type="file" name="doc_file" id="doc_file" multiple="false" />
</form>

PHP Code

function saveData(){
    if ( !empty($_POST) ) {
        global $wpdb;
        require_once( ABSPATH . 'wp-admin/includes/image.php' );
        require_once( ABSPATH . 'wp-admin/includes/file.php' );
        require_once( ABSPATH . 'wp-admin/includes/media.php' );
        $d = media_handle_upload( 'doc_file', 0 );
        $r = wp_get_attachment_url($d);
        $wpdb->insert(
            $wpdb->prefix . 'applicants_table',
            array(
                'name' => $_POST['full_name'],
                'email' => $_POST['email'],
                'doc_file' => $r
            )
        );
        if ( is_wp_error( $d ) ) {
            wp_die( 'Something went horribly wrong. Please try again.' );
        }
    } else {
        wp_die( 'Something went horribly wrong. Please try again.' );
    }
}
-
Hi there! You’ve landed on the support forums for websites that are hosted here on WordPress.com. Your WordPress.com account doesn’t appear to have any sites associated with it; were you asking about code for a site hosted elsewhere which uses the free WordPress software from WordPress.org instead?
If so, then WordPress.org do have a community forum of fellow site owners where you can ask questions! You can find it at this link:
https://wordpress.org/support/forums/