I have created a form where an Admin can create text and also use objects as used in Blade. I want to store the text in a table and then display it in HTML with the objects working properly.
For example, I would have a form with this input in my view
<div class='form-group'>
<textarea placeholder="" name='comments' type='' rows='10' class='form-control' id='' value = '{{ old('comments') ?? $plansubmission->comments }}'>{{ $plansubmission->comments }}</textarea>
<div>{{ $errors->first('comments') }}</div>
</div>
In that form input, I have entered the following:
Dear Employee, {{ $plansubmission->id }}
This input validates and the input is sent to comments column in the proper table in my database.
Now, I want to return the comments column back into the view with all the spacing that was submitted into the input (therefore, I use the 'pre' tags):
<pre> {{ $plansubmission->comments}} </pre>
The plan text and spacing is maintained but the blade part simply comes out as {{ $plansubmission->id}} instead of what the actual property is.
It's a major security problem to let users submit blade templates to display data. Blade is compiled to PHP so you would be essentially allowing users to execute any PHP code they want. I would recommend you use something like mustache to let users inject variables into the output.
In the controller that passes the data to the view, you can pass the $plansubmission->comments through a mustache parser. This will treat the comments field as a template, and the second parameter sets the variables that the template has access to. This way you can explicitly set what the comment template has access to so you don't let users leak more data than is required.
$m = new Mustache_Engine;
$comments = $m->render($plansubmission->comments, $plansubmission->toArray());
Then users can put something like this in the comments field
Dear Employee, {{ id }}
Then in the view do
<pre> {{ $comments }} </pre>
and it will output
<pre> Dear Employee, 123 </pre>
Related
I create a customer with the CRUD from Laravel. I add some base data like "Name, Birthday, Sex etc.).
Now I use the "show" route from Laravel and see the data that I saved in the database table (kundens).
From this view, I generate a PDF with a button. All this works for me. All the data come from my table "kundens". The view data come from this table, too. But how can I show data from more than one table in the same "view"? I need to add some more data in the PDF - not only from the "kundens" table.
My code for the customer view is this:
<div class="row">
<div class="col-md-12 col-md-offset-12">
<h4>Übersicht</h4>
<h5>Persönliche Daten</h5>
{{ $kunden->vorname }}<br>
{{ $kunden->nachname }}<br>
{{ $kunden->strasse }}<br>
{{ $kunden->plz }}
{{ $kunden->wohnort }}<br>
<button class="btn btn-danger" style="color: #fff"><a style="color: #fff" href="{{asset('admin/generate_offer')}}{{ '/'.$kunden->id }}">Angebot erstellen</a></button>
<ul>
#foreach($kunden['offer'] as $offer)
<li>{{$offer->id}} </li>
#endforeach
</ul>
</div>
</div>
There you see that I take the information from $kunden - but I need to take more information that saved in another table.
Does anyone know a solution?
So first of all, you have to write your model and controller so we can see it better than what you write but here, for example, you want to make some other model, to show up here. So here is how you do it:
In your main model, kundens model you write like this:
public function somedata() {
return $this->hasOne('App\YOURAPP','id','Table_id'); // in case you have the name of tables as ID not the Table_id you must not the second and third argument here
}
and in your controller, you must write like this:
$kundens= Kundens::with('somedata')->get(); // here some data is the name of the function that u inserted in your controller
So you have to customize this a bit into your needs.
I hope this helps...
Apparently, you are generating a PDF file in the admin/generate_offer related controller.
So in order to have more data, just get your data in that controller (that is responsible for generating PDF file) and simply add all of them no matter what and how many tables you want to get.
I want to ask if it is possible to do something like this in View in Laravel 5.2:
<p> This is window: {{$element_ + 'window'}} </p>
<p> This is wall: {{$element_ + 'wall'}} </p>
The values for this variables are from $element_window, $element_wall.
There are couple of options.
First - is to use #php block in .blade file for dynamic output:
#php
${'window'} = ${$element_.'window'}
#endphp
Second is to write custom blade extension to output anything you need.
Third is to define custom method in your Model (if you use one).
However I should mention, that such variable assignment inside template (first option) is not recommended. It's hardly readable and could cause Exceptions if such dynamically created variables do not exist at some point. Not saying that this is not presentation logic.
If you want to dynamically name a variable.. you can do the following.
<p> This is window: {{ ${'element_'.'window'} }} </p>
<p> This is wall: {{ ${'element_'.'wall'} }} </p>
That should work.
But if just want to concatenate a string to the variable... you can use "." :-)
I want to show the validation errors to the users in comma seperated
i.e.,
The username field is required, The password field is required
So far i can able to send the validation error messages to the view like this
$validation->messages()
But the only thing i can't able to do
#if(Session::has('Message'))
<p class="alert">{{ Session::get('Message') }}</p>
#endif
or
{{ $errors->first('username', '<div class="error">:message</div>') }}
The only thing i can do is to pass the messages as normal text.
So, How can i pass the validation messages to a view by plain text (rather than array or object)
Update :
I mean to say i can do any works only in controller and not in view
in controller:
return implode(',',$validation->errors()->all());
I am currently learning Laravel and finding it really useful and interesting.
At the moment I am making a simple online application form.
What are the biggest advantages to doing things using the Laravel syntax like:
{{ Form::open(array('url' => 'foo/bar')) }}
As opposed to simply:
<form action="foo/bar">
Or:
echo Form::text('username');
Instead of:
<input type="text" name="username" />
The Laravel way must be better, I just wish to know why exactly?
Using built-in HTML helpers have many benefits:
Using Form::open you add CSRF protection input hidden (by default)
Using form elements (inputs/textarea etc.) and withInput method for Redirection allows you to easily fill in the form with the same data with almost no coding
If you use Redirect::route('form'->withInput(); and have input
text {{Form::text('username')}} it will automatically set input's value the old data - you don't need to code it yourself checking it
Also if you want to match fields with labels its much easier:
{{ Form::label('username', 'Enter username') }}
{{ Form::text('username') }}
it will generate the following code:
<label for="username">Enter username</label>
<input name="username" type="text" id="username">
so as you see id will be created automatically
Probably there are some more. However the main disadvantage is that you need to learn and it's not portable in case you want to move your site to other Framework but each solution has pros and cons.
There are so many advantages of using Laravel's Form component but one useful advantage is that, when you just use this:
{{ Form::open(array('url' => 'foo/bar')) }}
{{ Form::close() }}
It automatically appends a hidden _token field which is useful for CSRF protection. otherwise you have to manually create the _token field using echo Form::token() or other way maybe. Also, when you use RESTful routes then Laravel's Form component appends the corresponding hidden _method field as well. Following note is taken from Laravel website:
Note: Since HTML forms only support POST and GET, PUT and DELETE
methods will be spoofed by automatically adding a _method hidden field
to your form.
There are also other advantages like Form Model Binding, generating form elements (specially select) easily and many more. Read more about Form on documentation.
BTW, the Redirect::back()->withInput() doesn't deppend only on use of Form component, if you use something like this, for example:
<input type='text' name='username' value='<?php echo Input::old('username') ?>' />
This will still work, the field will be repopulated on redirect back with inputs.
In Symfony docs they say to use this
<div>
{{ form_label(form.task) }}
{{ form_errors(form.task) }}
{{ form_widget(form.task) }}
</div>
But this generates the label element.
But I want to have table <td> instead of <label>
And also for the input textbox, I want to mention the size of text box. Where can I do that?
You have to define your form theme.
Probably, this tutorial is what you are looking for