The complete lifecycle of a form submission from POST to response.
Pipeline Stages
- Nonce Verification —
check_ajax_referer( 'formforge_nonce', 'nonce' ) - Anti-Spam Checks — honeypot, time check, token validation, reCAPTCHA
- Form Loading — form is loaded from the database by
form_id - Field Sanitization — each field value is sanitized based on type via
FORMFORGE_Field_Types::sanitize() - Field Validation — required checks, format validation, custom regex
- File Upload Processing — files are validated (MIME, size) and moved to uploads directory
- Conditional Logic Evaluation — hidden fields are excluded from required validation
- Submission Storage — data is JSON-encoded and inserted into
wp_formforge_submissions; if the insert fails, the AJAX response is an error and no integrations or submit analytics are fired - Integration Dispatch — email, webhooks, Mailchimp, HubSpot, Google Sheets, etc.
- Post/User Creation — if enabled, WordPress posts or users are created
- Analytics Tracking —
submitevent recorded inwp_formforge_analyticsonly after a submission row exists - Response — JSON success/error response sent to the frontend
Hooking into the Pipeline
php
// Before save (stage between 2 and 8)
add_action( 'formforge_before_submit', function( $form_id, $data, $form ) {
// Custom validation, data modification, external checks
}, 10, 3 );
// After save (stage after 11)
add_action( 'formforge_after_submit', function( $submission_id, $form_id, $data ) {
// CRM pushes, logging, external notifications
}, 10, 3 );Error Handling Strategy
Integration errors (Mailchimp, Google Sheets, HubSpot) are logged but never block the submission. The user always sees a success response if the core submission succeeds. Mailchimp and HubSpot write a short rolling diagnostic tail to the formforge_integration_log option so support can distinguish skipped submissions from remote API failures without exposing the error to visitors.
—