What’s the preferred method of writing AJAX-enabled plugins?

I’m wondering what the preferred method is for dealing with AJAX calls. Should one use the same plugin php file to process the POST or a separate one? Which is cleaner or safer?

1 comment

  1. The “safer and cleaner” way would be to use admin-ajax.php, which comes with WordPress, and the wp_ajax hook to call your processing function from your plugin file, and to use wp-nonce to check the integrity of the call.

    For example:

    Your AJAX jQuery call would be:

    <script type="text/javascript">
    jQuery(document).ready(function($) {

        var data = {
            action: 'ACTION_NAME',
            Whatever: '1234',
            _ajax_nonce: '<?php echo wp_create_nonce( 'my_ajax_nonce' ); ?>'
        };

        // since 2.8 ajaxurl is always defined in the admin header and points to admin-ajax.php
        // If you need it on a public facing page, uncomment the following line:
        // var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
        jQuery.post(ajaxurl, data, function(response) {
            alert('Got this from the server: ' + response);
        });
    });
    </script>
    

    Then in your plugin file add:

    // If you want only logged-in users to access this function, use this hook
    add_action('wp_ajax_ACTION_NAME', 'my_AJAX_processing_function');

    // If you want non-logged-in users to access this function, use this hook
    add_action('wp_ajax_nopriv_ACTION_NAME', 'my_AJAX_processing_function');


    * If you want logged-in users and guests to access your function by AJAX, then add both hooks.
    * ACTION_NAME must match the action value in your AJAX POST.

    Then in your function just make sure the request came from a valid source:

    function my_AJAX_processing_function(){
       // Dies with -1 if the _ajax_nonce field is missing, invalid or expired
       check_ajax_referer('my_ajax_nonce');
       //do stuff here...

       // Terminate here; otherwise admin-ajax.php appends "0" to the response
       wp_die();
    }
    

    Hope this helps.
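The following is an added example, not part of the original answer: it extends the handler above to show that the nonce only guards against forged requests, so a capability check and input sanitization still have to follow it. The plugin header, the `js/my-ajax.js` path, the `MyAjax` object name and the `edit_posts` capability are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: My AJAX Example (hypothetical plugin, for illustration only)
 */

// Pass the endpoint URL and a fresh nonce to the script as data,
// instead of echoing PHP into inline JavaScript.
add_action( 'admin_enqueue_scripts', 'my_ajax_enqueue' );
function my_ajax_enqueue() {
    // 'js/my-ajax.js' is an assumed file inside this plugin. It would POST
    // { action: 'ACTION_NAME', Whatever: ..., _ajax_nonce: MyAjax.nonce } to MyAjax.url.
    wp_enqueue_script( 'my-ajax', plugins_url( 'js/my-ajax.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'my-ajax', 'MyAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'my_ajax_nonce' ),
    ) );
}

// Only the logged-in hook is registered. Without a wp_ajax_nopriv_ hook,
// admin-ajax.php never calls this function for guests.
add_action( 'wp_ajax_ACTION_NAME', 'my_AJAX_processing_function' );
function my_AJAX_processing_function() {
    // 1. Request integrity: third argument false makes the check return
    //    false instead of dying, so the client gets a JSON error.
    if ( ! check_ajax_referer( 'my_ajax_nonce', '_ajax_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
    }

    // 2. Authorization: a valid nonce says nothing about what the user may do.
    //    'edit_posts' is an assumed capability; pick the one the action needs.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: WordPress adds slashes to $_POST, so unslash, then sanitize.
    $whatever = isset( $_POST['Whatever'] )
        ? sanitize_text_field( wp_unslash( $_POST['Whatever'] ) )
        : '';
    if ( '' === $whatever ) {
        wp_send_json_error( array( 'message' => 'Missing parameter: Whatever.' ), 400 );
    }

    // wp_send_json_success() and wp_send_json_error() end the request themselves,
    // so no separate wp_die() call is needed after them.
    wp_send_json_success( array( 'received' => $whatever ) );
}
```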