I could use some guidance in how to proceed on form validation in CodeIgniter. I am using CodeIgniter's built-in form validation and it works fine as far as it goes. It returns individual error messages for each field where there is an error by using and wrapping it in some HTML/CSS for styling:
<?php echo validation_errors('<p class="error">'); ?>
But what we want to do is highlight the fields where there are errors. CI will let you put the error messages next to where the form errors are. But it requires you to use the error message for the value, like this:
<input type="text" name="email" value="<?php echo set_value('email'); ?>" size="50" />
which by the way is in CI's manual in non-CI syntax, which puzzles me. Anyway, we also want the data from the field when the form is submitted to be preserved and returned. So I've done:
$email = array('name' => 'email', 'value' => $em);
?><div style="padding:5px;">Email* </div><?php echo form_input($email) . '<br/>';
$em is returned from the controller like this:
$data['em'] = $this->input->post('email');
So my question is, how do I accomplish all of what is outlined above? Obviously, what CI suggests and what I have done collide. But I don't know how else to do it, so I could use some help.
EDIT: Upon further digging, I see that you can put the error message next to the field by doing this:
<?php echo form_error('email'); ?>
But I'm not getting any message upon an error, even though I have the rule written and I get an error with the first line of code above.
form_error($field) returns an empty string '' so better use:
<input type="text" name="email" <?php if (form_error('email') !== '') { echo 'class="error"'; } ?> value="<?php echo set_value('email'); ?>" size="50" />
Tested.
In order to display errors individually you should use the function form_error('email'). And for you to get the value of a field being checked, use the function set_value('email'). For these two functions to work, you would have had to, in your controller, set a rule for the 'email' field, where you specify which validation rules apply to that field.
<?php echo form_error('email'); ?>
<input type="text" name="email" value="<?php echo set_value('email'); ?>" size="50" />
source: http://codeigniter.com/user_guide/libraries/form_validation.html#individualerrors
untested, but form_error($field) should return true if there is an error:
So perhaps:
<input type="text" name="email" <?php if (form_error('email')) { echo 'class="error"'; } ?> value="<?php echo set_value('email'); ?>" size="50" />
untested. worth a shot?
Perhaps also consider using jQuery or similar to validate and style the form fields, and use CI as a fallback (for presentation purposes, obviously).
That way your form validation can be styled as you require without CI limitations for 99% of validation rules, and then for anything else, the default CI way can kick in.
First things first: I have abbreviated htmlspecialchars() to h() in my custom API.
I have an input where everything else is showing up when I run <pre><?php print_r($_POST) ?></pre>, but this particular input isn't.
<input id="phone_description_<?php echo $phone_count; ?>" type="text"
name="phone[<?php echo $phone_count; ?>]['phone_description']"
value="<?php echo h($phone['phone_description']); ?>"
<?php
if ($phone['phone_description'] == 'Primary') {
echo ' disabled';
}
?>
placeholder="e.g. Adwords Tracking Number"
class="phone_desc"
/>
$phone_count is a counting variable in a foreach loop just FYI. Not really sure why an input with a name attribute isn't even showing up in the $_POST array.
Edit
Here is the code that is generated from the above code
<input id="phone_description_0" type="text" name="phone[0]['phone_description']" value="Primary" disabled placeholder="e.g. Adwords Tracking Number" class="phone_desc" />
The input will be skipped by POST when it is disabled. Use "readonly" instead.
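Why the field vanished, and why `readonly` still needs a server-side check, as an added example (not code from the original post): `parse_str()` stands in for PHP's parsing of the request body, the request bodies are constructed samples, and `lockPrimaryDescription()` and the `$stored` row are hypothetical.

```php
<?php
// Constructed request bodies, parsed with parse_str() the way PHP fills $_POST.
// Quotes are left out of the field name: name="phone[0]['phone_description']"
// would create the key "'phone_description'" with the quotes included.
$bodies = [
    'disabled' => 'phone[0][number]=555-0100',  // browser omits disabled controls
    'readonly' => 'phone[0][number]=555-0100&phone[0][phone_description]=Primary',
    'tampered' => 'phone[0][number]=555-0100&phone[0][phone_description]=Changed',
];

// Hypothetical stored row the form was rendered from.
$stored = [0 => ['number' => '555-0100', 'phone_description' => 'Primary']];

/**
 * readonly is only a browser hint, so the server re-applies the locked value:
 * a row stored as 'Primary' keeps that description whatever was posted.
 */
function lockPrimaryDescription(array $posted, array $stored): array
{
    foreach ($stored as $i => $row) {
        if ($row['phone_description'] === 'Primary') {
            $posted[$i]['phone_description'] = 'Primary';
        }
    }
    return $posted;
}

foreach ($bodies as $label => $body) {
    parse_str($body, $post);
    $phones = $post['phone'] ?? [];
    $sent   = $phones[0]['phone_description'] ?? '(not submitted)';
    $kept   = lockPrimaryDescription($phones, $stored)[0]['phone_description'];
    printf("%-8s sent=%-15s saved=%s\n", $label, $sent, $kept);
}
```

The `disabled` body carries no description at all, which is what the question observed in `$_POST`; the `tampered` body shows that a `readonly` field can still arrive with a different value.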
I have a strange issue I never had before.
I have a record stored in my database, it is a Dutch place name as follows:
's-Heer Abtskerke
If I use the form helper:
<div class="form-group">
<?php
echo form_label('Plaats','plaats');
echo form_error('plaats');
echo form_input('plaats',set_value('plaats',$object->plaats),'class="form-control" id="plaats"');
?>
</div>
I am getting this output:
's-Heer Abtskerke
And if I use the html input element:
<input type="text" name="plaats" class="form-control" id="plaats" value="<?php echo $object->plaats; ?>">
I get the correct output:
's-Heer Abtskerke
I am wondering what is going on in here!
You need to turn off html escape:
set_value('plaats','\'s-Heer Abtskerke', FALSE)
Here you have doc
I'm working on a basic webform, using php to display error messages and process the data input by the user.
I also use it to echo an ID for html elements to change their color on error:
<h3 class="question" <?php if ($error['field1'] === 1)
{echo('id="red"');}?>Fill in field 1</h3>
<p class="error"><php echo $errormessage['field1'];?></p>
<input name="field1" type="text" value="<?php echo $formfields['field1'];?>"
maxlength="128" <?php if ($error['field1'] === 1){echo ('id="error_field"');?>>
I have a class handling the form and all the errors. $error['field1'] becomes 1 if field1 is empty, and an error message is displayed by $errormessage['field1'].
The problem is, in half of the form the php embedded to echo the ID's (red and error_field) works. All the input and <h3> become red, as defined in CSS for the ID's.
But halfway through the form, only the $errormessage and $formfields still work. The other php code doesn't work anymore. It seems to not execute anymore but if I check all the parameters it should be executing.
Any idea why php is not executing half of the code?
I cannot understand your problem since I do not have access to the full source of your file, but at the moment I found a lot of syntax errors... pay attention! I have no idea what you are going to do but you can begin by fixing your syntax...
<h3 class="question" <?php if ($error['field1'] === 1) { echo('id="red"'); } ?>>Fill in field 1</h3>
<p class="error"><?php echo $errormessage['field1']; ?></p>
<input name="field1" type="text" value="<?php echo $formfields['field1']; ?>" maxlength="128" <?php if ($error['field1'] === 1) { echo('id="error_field"'); } ?>>
So I've always heard and read that you need to sanitize any user input if it's to be output back to html. What I'm wondering is, do I need to sanitize any input that is output if there was an error?
For example, in my form error handling, I have it so the page gets re-displayed with the error message showing and telling the user what went wrong but also outputting their input as the form's value so they don't have to re-type it and they can see where they went wrong. My question is do I need to use htmlspecialchars() to sanitize the user's input when it's output as the value of the form field?
Here is what one of my input fields looks like right now.
<label for="email">E-mail Address: <?php if($btnPressed) { checkInput($_POST['email'], true, true); } // Check the validity of the input ?></label>
<input type="text" name="email" id="email" value="<?php if($btnPressed) { echo $_POST['email']; } // Output the user's input if an error occurred ?>" maxlength="50" />
Here is what I think I should be doing.
<label for="email">E-mail Address: <?php if($btnPressed) { checkInput($_POST['email'], true, true); } // Check the validity of the input ?></label>
<input type="text" name="email" id="email" value="<?php if($btnPressed) { echo htmlspecialchars($_POST['email']); } // Output the user's input if an error occurred ?>" maxlength="50" />
Any help is greatly appreciated.
Yes, you need to run the data through htmlspecialchars.
Otherwise you have two major problems.
A third party could link (or submit a hidden form with JS (since you are using $_POST they would have to use this approach)) to your site sending whatever data they liked (including "><script...) as the user who visited their attack site.
If the user enters a " in their data (either because it is a typo or because their data really does include a " character), it will break when you display it back to them.
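The two failures described in this answer, plus the double escaping behind the place-name question further up, as an added example (not code from the original posts): the `e()` and `inputTag()` helpers and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical helper: escape once, at the point of output, for HTML text and
// quoted attribute values. ENT_QUOTES covers both " and '.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: builds the field exactly as the view would print it.
function inputTag(string $valueAttr): string
{
    return '<input type="text" name="email" value="' . $valueAttr . '" />';
}

// Constructed sample submissions.
$samples = [
    'markup'     => '"><script>alert(1)</script>',
    'quote'      => 'Joe "JJ" Smith',
    'apostrophe' => "'s-Heer Abtskerke",
];

foreach ($samples as $label => $raw) {
    echo "[$label]\n";
    // Raw echo: a " ends the attribute early and any markup becomes page content.
    echo '  raw:   ', inputTag($raw), "\n";
    // Escaped once: the browser shows exactly what the user typed.
    echo '  once:  ', inputTag(e($raw)), "\n";
    // Escaped twice (an escaping helper fed the output of another escaping
    // helper): the field shows entity text such as &#039; to the user.
    echo '  twice: ', inputTag(e(e($raw))), "\n";

    // Round trip: decoding the once-escaped value returns the original input.
    if (htmlspecialchars_decode(e($raw), ENT_QUOTES) !== $raw) {
        throw new RuntimeException("escaping changed the value for $label");
    }
}
```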
Is there a reliable way to create a custom view for a Zend_Form? The decorators are pretty cryptic and using them in fancy ways sometimes is so complicated that I'd prefer to just write the HTML by hand. Is there a way to do it and still make the form fully cooperate with the controller (eg. call $form->isValid() and expect everything to validate properly)? If so, are there any caveats to look out for (like taking care about validation errors display)?
The ideal solution would be to create a form and pass the elements array (containing the necessary data like names, IDs, input types and all needed to render the HTML) - does Zend Framework permit this?
[EDIT]
Instead of just echoing the form object, I have tried adding this code in the view (a simple login form):
<?php
$userid = $this->form->getElement('userid');
$pass = $this->form->getElement('password');
$remember = $this->form->getElement('remember');
$submit = $this->form->getElement('submit');
?>
<form enctype="<?php echo $this->form->getEnctype(); ?>" method="<?php echo $this->form->getMethod(); ?>" action="<?php echo $this->form->getAction(); ?>" id="<?php echo $this->form->getId(); ?>">
name: <input type="text" id="<?php echo $userid->getId(); ?>" name="<?php echo $userid->getName(); ?>" /><br />
pass: <input type="password" id="<?php echo $pass->getId(); ?>" name="<?php echo $pass->getName(); ?>" /><br />
remember: <input type="checkbox" id="<?php echo $remember->getId(); ?>" name="<?php echo $remember->getName(); ?>" /><br />
submit: <input type="submit" id="<?php echo $submit->getId(); ?>" name="<?php echo $submit->getName(); ?>" value="<?php echo $submit->getValue(); ?>" />
</form>
The form seems to work OK and validate (although I don't get redirected to the page I came from - but that's a different problem, I believe, as I pass that via GET, not in the form). Is that acceptable, or am I doing something horridly wrong without knowing it?
A lot depends on the design and the final layout.
Where do you want to display validation errors? How? Via Error decorator?
Do you also want to use descriptions?
Do you need to use other decorators?
The best way seems to be to create just your own Zend_Form_Element_ThreadIcons element. This is as easy as subclassing one of the Zend_Form elements and implementing a custom _render() method returning the HTML you need. You may even use your own View instance there.
Then you may pass an array of icons as an element option and handle it the way you need.
If you decide to use decorators, you may find this presentation very useful to master the technique:
http://www.slideshare.net/weierophinney/leveraging-zendform-decorators