I understand that passing record ids through the url isn't usually a good idea, but I am wondering how I can avoid it in my case:
My objective is to list job statuses on a user dashboard and allow users to adjust the status.
I create my view and pass variables to it using the session:
userController.php
public function getdashboard()
{
//reading the user information
$arrPageData['user'] = Sentry::getUser();
//reading the job interviews
$arrPageData['jobInterviews'] = JobInterview::readCurrentInterviews($this->userID);
return View::make('clients.dashboard', $arrPageData);
}
This part works great and I don't use the record id in the route. I iterate through the jobInterviews in the dashboard view. Depending up on the status listed in the DB table, I give the user options
view file: dashboard.blade.php (snippet)
#foreach ($jobInterviews as $interviews)
#if ($interviews->j == $job->id)
<tbody>
<tr>
<td>
{{$interviews->contact_name}}
#if ($interviews->status == 'interview request accepted')
Hire
#elseif ($interviews->status == 'hired')
<button id="complete" class="btn btn-info btn-small">Mark Project Complete</button>
#endif
</td>
<td>{{$interviews->status}} </td>
</tr>
</tbody>
...
The problem that I am having is that to complete the job status change, I am calling the method and passing in the record id:
Still in dashboard.blade.php
<form action="../jobs/offer/{{$interviews->interview_id}}" method="post">
This is then routed through:
Route::post('/jobs/offer/{id}','JobController#jobOffer');
Everything works as I want it to but I don't think I am doing it right from a security stand point. Is there a better way to call the jobOffer method and change the status besides using the record id in the route when getting the data from an array i've iterated through?
Thanks in advance for the help.
You may try this:
{{ Form::open(array('action' => array('JobController#jobOffer', $interviews->interview_id))) }}
<!-- Rest of the form fields -->
{{ Form::close() }}
This way you don't need to add csrf/_method input manually and by default it's METHOD would be POST so you can omit that.
Related
I created a To-do list using Laravel, i can store data into a database and display it using the for each function built in Laravel. I can also click a button to check off each to-do that has been completed. I am currently trying to display completed To-dos on my page just like how it displays all to-dos.
Everything works except for the for each statements, the program is only allowing me to have one or the other. I have a for each to display all To-dos in the database and the other for each is to display only the completed To-dos in the database. if i have one or the other for each statement the program will run which ever one you have in the code, but if i have both for each statements then the first variable becomes undefined. My guess is you cannot run them consecutively.
#foreach ($listItems as $listItem)
<span>Item: {{ $listItem->name }}</span>
<form method="post" action="{{ route('markComplete', $listItem->id) }}" accept-charset="UTF-8"
style="display:inline-block;">
{{ csrf_field() }}
<input type="submit" value="✔"></input>
</form></br></br>
#endforeach
#foreach ($completedTodos as $listItemcomplete)
<span>Complete Item: {{ $listItemcomplete->name }}</br></span>
#endforeach
Hey so I'm trying to sort entries by a type of pet, the code below is code from my blade.php
<div>
<td>
<form>
#csrf
<input name="cat" type="hidden" value="cat">
<a name="cat" href="{{ url('sorting') }}" value="cat">Cat</a>
</form>
</td>
</div>
In the blade file I'd have multiple links such as cat, dog, rabbit which essentially act as filtering options
I have a sort method in my controller that does the following
public function sorting(Request $request){
if($request->input('cat') === 'cat'){
$pets = Pet::Where('type', 'cat')->get();
return view('index', compact('pets'));
}
}
In my sort method, I'm trying to check if the cat link is clicked and then if it is it would return only pets of type cat, the problem I have is that my $request->input('cat') is returning a null. How would I correct this?
You have multiple issues in your code:
You don't seem to have a way to actually submit the form. The link in the post won't do it on it's own (unless you have some event on that link in JS)
<a>-tags don't have a value-attribute and the name-attribute means something completely different for links and is not for submitting data through forms.
A form without a method will use GET as default. You're trying to retrieve the value in PHP using $request->input() which is for POST-requests. For GET requests (which uses the query string to pass data), use $request->query().
However... you don't need the form. Just pass the value as a query parameter in the link instead:
<td>
Cat
</td>
Then in your PHP code, retrieve the value using:
if ($request->query('sort') === 'cat') {
// your code
}
I have created a form where an Admin can create text and also use objects as used in Blade. I want to store the text in a table and then display it in HTML with the objects working properly.
For example, I would have a form with this input in my view
<div class='form-group'>
<textarea placeholder="" name='comments' type='' rows='10' class='form-control' id='' value = '{{ old('comments') ?? $plansubmission->comments }}'>{{ $plansubmission->comments }}</textarea>
<div>{{ $errors->first('comments') }}</div>
</div>
In that form input, I have entered the following:
Dear Employee, {{ $plansubmission->id }}
This input validates and the input is sent to comments column in the proper table in my database.
Now, I want to return the comments column back into the view with all the spacing that was submitted into the input (therefore, I use the 'pre' tags):
<pre> {{ $plansubmission->comments}} </pre>
The plan text and spacing is maintained but the blade part simply comes out as {{ $plansubmission->id}} instead of what the actual property is.
It's a major security problem to let users submit blade templates to display data. Blade is compiled to PHP so you would be essentially allowing users to execute any PHP code they want. I would recommend you use something like mustache to let users inject variables into the output.
In the controller that passes the data to the view, you can pass the $plansubmission->comments through a mustache parser. This will treat the comments field as a template, and the second parameter sets the variables that the template has access to. This way you can explicitly set what the comment template has access to so you don't let users leak more data than is required.
$m = new Mustache_Engine;
$comments = $m->render($plansubmission->comments, $plansubmission->toArray());
Then users can put something like this in the comments field
Dear Employee, {{ id }}
Then in the view do
<pre> {{ $comments }} </pre>
and it will output
<pre> Dear Employee, 123 </pre>
I create a customer with the CRUD from Laravel. I add some base data like "Name, Birthday, Sex etc.).
Now I use the "show" route from Laravel and see the data that I saved in the database table (kundens).
From this view, I generate a PDF with a button. All this works for me. All the data come from my table "kundens". The view data come from this table, too. But how can I show data from more than one table in the same "view"? I need to add some more data in the PDF - not only from the "kundens" table.
My code for the customer view is this:
<div class="row">
<div class="col-md-12 col-md-offset-12">
<h4>Übersicht</h4>
<h5>Persönliche Daten</h5>
{{ $kunden->vorname }}<br>
{{ $kunden->nachname }}<br>
{{ $kunden->strasse }}<br>
{{ $kunden->plz }}
{{ $kunden->wohnort }}<br>
<button class="btn btn-danger" style="color: #fff"><a style="color: #fff" href="{{asset('admin/generate_offer')}}{{ '/'.$kunden->id }}">Angebot erstellen</a></button>
<ul>
#foreach($kunden['offer'] as $offer)
<li>{{$offer->id}} </li>
#endforeach
</ul>
</div>
</div>
There you see that I take the information from $kunden - but I need to take more information that saved in another table.
Does anyone know a solution?
So first of all, you have to write your model and controller so we can see it better than what you write but here, for example, you want to make some other model, to show up here. So here is how you do it:
In your main model, kundens model you write like this:
public function somedata() {
return $this->hasOne('App\YOURAPP','id','Table_id'); // in case you have the name of tables as ID not the Table_id you must not the second and third argument here
}
and in your controller, you must write like this:
$kundens= Kundens::with('somedata')->get(); // here some data is the name of the function that u inserted in your controller
So you have to customize this a bit into your needs.
I hope this helps...
Apparently, you are generating a PDF file in the admin/generate_offer related controller.
So in order to have more data, just get your data in that controller (that is responsible for generating PDF file) and simply add all of them no matter what and how many tables you want to get.
I'd like to display data calculated in controller in a blade view based on data provided by a user in form . For now I'm doing this by:
//View xyz.blade.php
<div class="card">
<div class="card-header">Add link</div>
<div class="card-block">
{{ Form::open(array('url' => 'getSimilar', 'method' => 'GET')) }}
{{ Form::token() }}
<div class="form-group">
{{ Form::label('url', 'url:') }}
{{ Form::text('url', '') }}
</div>
{{ Form::submit('Get') }}
{{ Form::close() }}
</div>
#if( ! empty($similar))
<div class="card-block">
#foreach ($similar as $item)
{{$item->title}} <br/>
#endforeach
</div>
#endif
</div>
//Controller
public function getSimilar(){
..
return View('xyz', ['similar' => $found]);
}
The above code works as expected. I can provide a url and after clicking "Get" I can see a list of found items below the form. However, something tells me that this is not the right way to do this since the entire page will refresh. Am I right (and so the above code is bad)? If so, is there any build in feature to display fetched data without refreshing? I searched on the official Laravel-form page but I did not find anything.
As far as I could understand your question.
The code seems to be ok, but the logic you've created may not be possible without a page refresh, because the user interaction depends the server response which requires a new reload.
You can craft another interactive action without a page refresh using an AJAX so when the user clicks the button he gets the result from the server you then display the results in page. Because the AJAX Request/Response happens behind the scenes for the user it gives an impression the page didn't reload which may be what you want.