I have a form on my site.

This the user register one missing person. I created a custom post type missing person, custom taxonomies, and custom fields. All this input's save as well in wp.

But I don't know submit an image and save this image as featured image.

$my_post = array(
                 'post_title' => $_POST['title'],
                 'post_date' => $_SESSION['cal_startdate'],
                 'post_content' => $_POST['myContent'],
                 'post_status' => 'draft',
                 'post_type' => 'pessoa_desaparecida',
              );

$post_id = wp_insert_post($my_post);


$uploaddir = wp_upload_dir();
$file = $_FILES["test"]["name"];
$uploadfile = $uploaddir['path'] . '/' . basename( $file );

move_uploaded_file( $file , $uploadfile );
$filename = basename( $uploadfile );

$wp_filetype = wp_check_filetype(basename($filename), null );

$attachment = array(
    'post_mime_type' => $wp_filetype['type'],
    'post_title' => preg_replace('/\.[^.]+$/', '', $filename),
    'post_content' => '',
    'post_status' => 'inherit',
    'menu_order' => $_i + 1000
);
$attach_id = wp_insert_attachment( $attachment, $uploadfile );
update_post_meta($post_id,'_thumbnail_id',$attach_id);

set_post_thumbnail( $post_id, $thumbnail_id );

but not works

My Form in frontend is:

<form action="/homolog/cadastro" method="post" enctype="multipart/form-data">
 <input type="text"  name="title" />
 <input type="file" size="20"  name="test" />
</form>

PRINT:

I have a form on my site.

This the user register one missing person. I created a custom post type missing person, custom taxonomies, and custom fields. All this input's save as well in wp.

But I don't know submit an image and save this image as featured image.

$my_post = array(
                 'post_title' => $_POST['title'],
                 'post_date' => $_SESSION['cal_startdate'],
                 'post_content' => $_POST['myContent'],
                 'post_status' => 'draft',
                 'post_type' => 'pessoa_desaparecida',
              );

$post_id = wp_insert_post($my_post);


$uploaddir = wp_upload_dir();
$file = $_FILES["test"]["name"];
$uploadfile = $uploaddir['path'] . '/' . basename( $file );

move_uploaded_file( $file , $uploadfile );
$filename = basename( $uploadfile );

$wp_filetype = wp_check_filetype(basename($filename), null );

$attachment = array(
    'post_mime_type' => $wp_filetype['type'],
    'post_title' => preg_replace('/\.[^.]+$/', '', $filename),
    'post_content' => '',
    'post_status' => 'inherit',
    'menu_order' => $_i + 1000
);
$attach_id = wp_insert_attachment( $attachment, $uploadfile );
update_post_meta($post_id,'_thumbnail_id',$attach_id);

set_post_thumbnail( $post_id, $thumbnail_id );

but not works

My Form in frontend is:

<form action="/homolog/cadastro" method="post" enctype="multipart/form-data">
 <input type="text"  name="title" />
 <input type="file" size="20"  name="test" />
</form>

PRINT:

• custom-post-types
• post-thumbnails
• front-end
• wp-insert-post

Share Improve this question edited Nov 2, 2017 at 14:35 Mostafa Soufi 80577 silver badges1919 bronze badges asked Jul 21, 2014 at 0:35 ArieArie 1111 silver badge33 bronze badges 6

• I have the form in my frontend, this form insert a custom post type. This form has one input file to upload a image, this image would be my featured image. I just upload and set one featured image from my form – Arie Commented Jul 21, 2014 at 1:45
• If you want to get help you need to edit your question and describe what have you tried and where did it fail. Right now you didn't describe any problem, you are on the right way you just need to do some research and use the relevant APIs – Mark Kaplun Commented Jul 21, 2014 at 1:55
• Mark, I change the question. Do you can help? – Arie Commented Jul 21, 2014 at 2:37
• possible duplicate of Set Featured Image Front Frontend Form – Brad Dalton Commented Jul 21, 2014 at 17:57
• Brad, my folder uploads/2014/07/ is empty! – Arie Commented Jul 21, 2014 at 18:24

 |  Show 1 more comment

4 Answers 4

Sorted by: Reset to default 1

sorry this isn't an answer but you need to sanitize that user input. Your allowing tags to be written directly into your post content which allows anyone to run javascript in both wp admin and on the front end of your site (assuming you'll eventually print these posts). highly recommend (at minimum) strip_tags() or htmlspecialchars() on all user input strings. there are better/alternative ways but this is at least a good start without going into too much detail.

In theory the title would be an issue but I'm pretty sure WordPress will strip tags from there. however WordPress allows script tags in post content so that people can use embed codes.

if you are unaware of the risks of not sanitizing user input then id recommend even more caution when handling file uploads. downloading a malicious file or having thousands of your websites users do this could potentially be alot worse than having some malicious javascript run inside your browser. Thankfully wp_insert_post will at least prevent sql injection on your completely raw user input.

my only further recommendation is to at least check the allowed mime types and use WordPress functions whenever possible to handle the uploads, assuming that they might offer some protection against malicious files but apart from that i can't give much advice on how to do this securely (although i have done it before... i don't have access to that code right now).

You can try this way :

set_post_thumbnail( $my_post_id, $thumbnail_id );

You have to add image into library first like this way :

 $uploaddir = wp_upload_dir();
 $file = $_FILES[ ... whatever you have in your POST data ... ];
 $uploadfile = $uploaddir['path'] . '/' . basename( $file );

 move_uploaded_file( $file , $uploadfile );
 $filename = basename( $uploadfile );

 $wp_filetype = wp_check_filetype(basename($filename), null );

 $attachment = array(
      'post_mime_type' => $wp_filetype['type'],
      'post_title' => preg_replace('/\.[^.]+$/', '', $filename),
      'post_content' => '',
      'post_status' => 'inherit',
      'menu_order' => $_i + 1000
  );
  $attach_id = wp_insert_attachment( $attachment, $uploadfile );

For more detail please see this link

First of all you should check if your theme supports thumbnails and that your missing person CPT supports it too. If you create your CPT via PHP coding, check this:

add_theme_support( 'post-thumbnails' );
register_post_type( 'yourposttype', array(
    ...,
    'supports' => array('title', ...,'thumbnail'),
));

}

Then if this is right, the code in the answer below should work.

In your case, I'll prefer suggest you to use one of these functions depending on the case and especially what you get from $_POST :

• media_handle_upload()
• media_handle_sideload()