I'm wondering what the preferred method is for dealing with AJAX calls. Should one use the same plugin php file to process the POST or a separate one? Which is cleaner or safer?
I'm wondering what the preferred method is for dealing with AJAX calls. Should one use the same plugin php file to process the POST or a separate one? Which is cleaner or safer?
the "safer and cleaner" way would be to use admin-ajax.php that comes with wordpress and wp_ajax hook to call your processing function from your plugin file and use wp-nonce to check the integrity of the call.
for example:
your ajax JQuery call would be
<script type="text/javascript" >
jQuery(document).ready(function($) {
var data = {
action: 'ACTION_NAME',
Whatever: '1234',
_ajax_nonce: '<?php echo wp_create_nonce( 'my_ajax_nonce' ); ?>'
};
// since 2.8 ajaxurl is always defined in the admin header and points to admin-ajax.php
// If you need it on a public facing page, uncomment the following line:
// var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
jQuery.post(ajaxurl, data, function(response) {
alert('Got this from the server: ' + response);
});
});
</script>
then in your plugin file add
//if you want only logged in users to access this function use this hook
add_action('wp_ajax_ACTION_NAME', 'my_AJAX_processing_function');
//if you want none logged in users to access this function use this hook
add_action('wp_ajax_nopriv_ACTION_NAME', 'my_AJAX_processing_function');
*if you want logged in users and guests to access your function by ajax then add both hooks. *ACTION_NAME must match the action value in your ajax POST.
then in your function just make sure the request came from valid source
function my_AJAX_processing_function(){
check_ajax_referer('my_ajax_nonce');
//do stuff here...
}
Hope this Helps