For a great many of the things you might want to do with PeakZebra, no coding is required. Data is entered, is stored for later use, and is subsequently retrieved.

But you should know that it’s also easy to process the data being sent to the WordPress server in whatever way you’d like.

The primary option for handling submitted data is to write a custom PHP script to do more or less whatever you want with the data when it arrives at the server. Your PHP file will have the same name as your form and will be stored in the submit folder within the plugin (you’ll need admin rights and a general understanding of working with files on the server outside of the WordPress framework).

Within your PHP file, you’ll have access to $_POST and, additionally, all of the variables submitted will be individually available. So if you created a field with the name alternate_email, there will be a variable called $alternate_email.

Your commands will run within the context of the form handler that PZForms uses for all forms, meaning that once you’ve changed your variables as desired, normal processing will continue (unless you kill the process within your script) and, if an email address has been set, the data will be sent to the targeted address.

As with any programming related to user form input, you need to be extremely careful to avoid leaving yourself open to hacker attacks. For ever field you process (including fields that are normally hidden from the user), use the appropriate WordPress core “sanitize” function. Perform any other sanity checks you can (if you’re expecting a number between 1 and 100, for example, make sure that the input is a number and that it is indeed within the range.

Let’s emphasize this point: Any data you receive from a form could potentially be data supplied by a malicious hacker. Always check the input as carefully as the circumstances allow and never directly execute a command that contains any part of a field unless you are certain it can’t be used maliciously.