wp_new_comment( array $commentdata, bool $wp_error = false ): int|false|WP_Error

Adds a new comment to the database.

Description

Filters new comment to ensure that the fields are sanitized and valid before inserting comment into database. Calls ‘comment_post’ action with comment ID and whether comment is approved by WordPress. Also has ‘preprocess_comment’ filter for processing the comment data before the function handles it.

We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure that it is properly set, such as in wp-config.php, for your environment.

See https://core.trac.wordpress.org/ticket/9235

Parameters

$commentdata array Required

Comment data.

comment_authorstring
The name of the comment author.
comment_author_emailstring
The comment author email address.
comment_author_urlstring
The comment author URL.
comment_contentstring
The content of the comment.
comment_datestring
The date the comment was submitted. Default is the current time.
comment_date_gmtstring
The date the comment was submitted in the GMT timezone.
Default is $comment_date in the GMT timezone.
comment_typestring
Comment type. Default 'comment'.
comment_parentint
The ID of this comment's parent, if any. Default 0.
comment_post_IDint
The ID of the post that relates to the comment.
user_idint
The ID of the user who submitted the comment. Default 0.
user_IDint
Kept for backward-compatibility. Use $user_id instead.
comment_agentstring
Comment author user agent. Default is the value of 'HTTP_USER_AGENT' in the $_SERVER superglobal sent in the original request.
comment_author_IPstring
Comment author IP address in IPv4 format. Default is the value of 'REMOTE_ADDR' in the $_SERVER superglobal sent in the original request.

$wp_error bool Optional

Should errors be returned as WP_Error objects instead of executing wp_die() ?

More Arguments from wp_die( ... $args )

Arguments to control behavior. If $args is an integer, then it is treated as the response code.

responseint
The HTTP response code. Default 200 for Ajax requests, 500 otherwise.
link_urlstring
A URL to include a link to. Only works in combination with $link_text.
Default empty string.
link_textstring
A label for the link to include. Only works in combination with $link_url.
Default empty string.
back_linkbool
Whether to include a link to go back. Default false.
text_directionstring
The text direction. This is only useful internally, when WordPress is still loading and the site's locale is not set up yet. Accepts 'rtl' and 'ltr'.
Default is the value of is_rtl() .
charsetstring
Character set of the HTML output. Default 'utf-8'.
codestring
Error code to use. Default is 'wp_die', or the main error code if $message is a WP_Error.
exitbool
Whether to exit the process after completion. Default true.

Default: false

Return

int|false|WP_Error The ID of the comment on success, false or WP_Error on failure.

Source

File: wp-includes/comment.php. View all references

function wp_new_comment( $commentdata, $wp_error = false ) {
	global $wpdb;

	/*
	 * Normalize `user_ID` to `user_id`, but pass the old key
	 * to the `preprocess_comment` filter for backward compatibility.
	 */
	if ( isset( $commentdata['user_ID'] ) ) {
		$commentdata['user_ID'] = (int) $commentdata['user_ID'];
		$commentdata['user_id'] = $commentdata['user_ID'];
	} elseif ( isset( $commentdata['user_id'] ) ) {
		$commentdata['user_id'] = (int) $commentdata['user_id'];
		$commentdata['user_ID'] = $commentdata['user_id'];
	}

	$prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0;

	if ( ! isset( $commentdata['comment_author_IP'] ) ) {
		$commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
	}

	if ( ! isset( $commentdata['comment_agent'] ) ) {
		$commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
	}

	/**
	 * Filters a comment's data before it is sanitized and inserted into the database.
	 *
	 * @since 1.5.0
	 * @since 5.6.0 Comment data includes the `comment_agent` and `comment_author_IP` values.
	 *
	 * @param array $commentdata Comment data.
	 */
	$commentdata = apply_filters( 'preprocess_comment', $commentdata );

	$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];

	// Normalize `user_ID` to `user_id` again, after the filter.
	if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) {
		$commentdata['user_ID'] = (int) $commentdata['user_ID'];
		$commentdata['user_id'] = $commentdata['user_ID'];
	} elseif ( isset( $commentdata['user_id'] ) ) {
		$commentdata['user_id'] = (int) $commentdata['user_id'];
		$commentdata['user_ID'] = $commentdata['user_id'];
	}

	$commentdata['comment_parent'] = isset( $commentdata['comment_parent'] ) ? absint( $commentdata['comment_parent'] ) : 0;

	$parent_status = ( $commentdata['comment_parent'] > 0 ) ? wp_get_comment_status( $commentdata['comment_parent'] ) : '';

	$commentdata['comment_parent'] = ( 'approved' === $parent_status || 'unapproved' === $parent_status ) ? $commentdata['comment_parent'] : 0;

	$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] );

	$commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 );

	if ( empty( $commentdata['comment_date'] ) ) {
		$commentdata['comment_date'] = current_time( 'mysql' );
	}

	if ( empty( $commentdata['comment_date_gmt'] ) ) {
		$commentdata['comment_date_gmt'] = current_time( 'mysql', 1 );
	}

	if ( empty( $commentdata['comment_type'] ) ) {
		$commentdata['comment_type'] = 'comment';
	}

	$commentdata = wp_filter_comment( $commentdata );

	$commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error );

	if ( is_wp_error( $commentdata['comment_approved'] ) ) {
		return $commentdata['comment_approved'];
	}

	$comment_ID = wp_insert_comment( $commentdata );

	if ( ! $comment_ID ) {
		$fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' );

		foreach ( $fields as $field ) {
			if ( isset( $commentdata[ $field ] ) ) {
				$commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] );
			}
		}

		$commentdata = wp_filter_comment( $commentdata );

		$commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error );
		if ( is_wp_error( $commentdata['comment_approved'] ) ) {
			return $commentdata['comment_approved'];
		}

		$comment_ID = wp_insert_comment( $commentdata );
		if ( ! $comment_ID ) {
			return false;
		}
	}

	/**
	 * Fires immediately after a comment is inserted into the database.
	 *
	 * @since 1.2.0
	 * @since 4.5.0 The `$commentdata` parameter was added.
	 *
	 * @param int        $comment_ID       The comment ID.
	 * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam.
	 * @param array      $commentdata      Comment data.
	 */
	do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'], $commentdata );

	return $comment_ID;
}

Hooks

do_action( 'comment_post', int $comment_ID, int|string $comment_approved, array $commentdata ): Fires immediately after a comment is inserted into the database.

apply_filters( 'preprocess_comment', array $commentdata ): Filters a comment’s data before it is sanitized and inserted into the database.

Uses

Uses	Description
wpdb::strip_invalid_text_for_column() wp-includes/class-wpdb.php	Strips any invalid characters from the string for a given table and column.
current_time() wp-includes/functions.php	Retrieves the current time based on specified type.
wp_get_comment_status() wp-includes/comment.php	Retrieves the status of a comment by comment ID.
wp_filter_comment() wp-includes/comment.php	Filters and sanitizes comment data.
wp_insert_comment() wp-includes/comment.php	Inserts a comment into the database.
wp_allow_comment() wp-includes/comment.php	Validates whether this comment is allowed to be made.
absint() wp-includes/functions.php	Converts a value to non-negative integer.
apply_filters() wp-includes/plugin.php	Calls the callback functions that have been added to a filter hook.
do_action() wp-includes/plugin.php	Calls the callback functions that have been added to an action hook.
is_wp_error() wp-includes/load.php	Checks whether the given variable is a WordPress Error.

Used By

Used By	Description
wp_handle_comment_submission() wp-includes/comment.php	Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
wp_ajax_replyto_comment() wp-admin/includes/ajax-actions.php	Ajax handler for replying to a comment.
wp_xmlrpc_server::pingback_ping() wp-includes/class-wp-xmlrpc-server.php	Retrieves a pingback and registers it.
wp_xmlrpc_server::wp_newComment() wp-includes/class-wp-xmlrpc-server.php	Create new comment.

Changelog

Version	Description
5.5.0	Introduced the `comment_type` argument.
4.7.0	The `$avoid_die` parameter was added, allowing the function to return a WP_Error object instead of dying.
4.3.0	Introduced the `comment_agent` and `comment_author_IP` arguments.
1.5.0	Introduced.

© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_new_comment

Docs

Docs4dev

Title here