Save Process & $_POST

This episode is VERY important as you’ll learn how a form in the browser is processed back on the web server. The entire back-end interface on the edit post and page screens is an HTML form. The meta box you built earlier is a component of input fields within that form. When you click on Publish or Update, all of the content on the page is sent back to the web server and stored in the $_POST super global in PHP.

Big points here for you to master:

1. Saving a post, page, custom post type, etc. triggers a post back from the browser to the server, as the HTML form is processed.
2. PHP, running on the web server, stores all of that data into a super global called $_POST.
3. The form field names are the keys within the $_POST array.
4. $_POST will include things like the post ID, post title, content, post status, author, categories, tags, all of the custom fields (post metadata), etc.

In this episode, we look at the saving processing and explore what’s in $_POST after updating a post.

Save Process

For our meta box, we register our saving function to an action event called save_post. When WordPress fires that event, our meta box saving function is called.

But here’s the thing. What if our meta box isn’t on that screen? We’ve registered our saving function to an event that fires for ALL saving activities, regardless if our meta box is on that screen or not. Hmm, that means we need to check:

• Is our meta key in the $_POST super global variable? If no, bail out.
• Does it have the right nonce security? If no, bail out.

If we pass both of those checks, then we want to continue processing the form fields and then updating the database accordingly.