Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion why use form helpers over standard HTML?
why use form helpers over standard HTML?
  • El Forum
    Guest
  •  
#11
06-24-2010, 10:31 PM

[eluser]Burak Guzel[/eluser]
Which one is nicer?

Code:
echo form_input('name', set_value('name'));

or

Code:
<input type="text" name="name" value="<?php if(isset($_POST['name'])) echo htmlspecialchars($_POST['name']); ?>" />
  • El Forum
    Guest
  •  
#12
06-24-2010, 11:02 PM

[eluser]skunkbad[/eluser]
I don't use the form helper. My way of thinking is that the framework, be it CI or whatever, is supposed to make the job easier. For me, form HTML is easy enough.
  • El Forum
    Guest
  •  
#13
06-24-2010, 11:27 PM

[eluser]jimmie32[/eluser]
I know there are situations where you prefer to use helpers:
http://pastebin.com/p0UApdap
Used pastebin. The code even broke the CI syntax highlighter. Woo!

(And yes, I bought my bad code offset already.)
Anyway, using helpers won't help the above code much, anyway. The entire approach is wrong.

"Aw, screw good practice. How much can it be?"
  • El Forum
    Guest
  •  
#14
06-25-2010, 03:30 AM

[eluser]Phil Sturgeon[/eluser]
[quote author="Burak Guzel" date="1277458309"]Which one is nicer?

Code:
echo form_input('name', set_value('name'));

or

Code:
<input type="text" name="name" value="<?php if(isset($_POST['name'])) echo htmlspecialchars($_POST['name']); ?>" />
[/quote]

I could probably replace my article with that. :lol:
  • El Forum
    Guest
  •  
#15
06-25-2010, 03:33 AM

[eluser]n0xie[/eluser]
[quote author="Burak Guzel" date="1277458309"]Which one is nicer?

Code:
echo form_input('name', set_value('name'));

or

Code:
<input type="text" name="name" value="<?php if(isset($_POST['name'])) echo htmlspecialchars($_POST['name']); ?>" />
[/quote]
Yeah now throw in that you want the input field already filled with a database entry. See how your form_input handles that...

[quote author="Phil Sturgeon" date="1277413336"]Here is an article I wrote explaining the use of form helpers (and helpers in general) as it's not always obvious from the start.

Why CodeIgniter HTML helpers rock[/quote]
In most cases where you would want to change a form it has usually more to do with the way it is represented and it would be best served using CSS.

I do agree though that wraping the form open function has benefits (especially with extending it) for adding global form functionality as an afterthought (think standard CSRF nonce, change the ACCEPT attribute etc). This particalur example though might not be as strong. UTF-8 Forms are notorious for XSS and CSRF exploits. For one latin-1 (the default for the intarwebs) holds only 255 characters of which about 10 are worth sanitising. UTF-8 holds a 'bit' more characters to keep an eye on.
  • El Forum
    Guest
  •  
#16
06-25-2010, 06:57 AM

[eluser]pickupman[/eluser]
Quote:Yeah now throw in that you want the input field already filled with a database entry. See how your form_input handles that

Oh, I think I can answer that:
Code:
//Controller
$data['field_name_value'] = (isset($_POST['field_name'])) ? $this->input->post('field_name') : $result->field_name;

//View
echo form_input('field_name', set_value('field_name',htmlspecialchars($field_name_value)));
  • El Forum
    Guest
  •  
#17
06-25-2010, 11:08 AM

[eluser]Burak Guzel[/eluser]
[quote author="pickupman" date="1277488655"]
Quote:Yeah now throw in that you want the input field already filled with a database entry. See how your form_input handles that

Oh, I think I can answer that:
Code:
//Controller
$data['field_name_value'] = (isset($_POST['field_name'])) ? $this->input->post('field_name') : $result->field_name;

//View
echo form_input('field_name', set_value('field_name',htmlspecialchars($field_name_value)));
[/quote]

Actually, this is all you have to do:

Code:
echo form_input('field_name', set_value('field_name', $result->field_name));

It uses the post value, if there is one. If not, it defaults to $result->field_name. Also, you don't need to escape with htmlspecialchars. The helper does that for you.
  • El Forum
    Guest
  •  
#18
08-10-2010, 08:00 AM

[eluser]fMertins[/eluser]
I use HTML directly, something like this:
Code:
<input type="text" name="name" value="<?=$user->name;?>" />

The $user variable is an object created at controller and passed to view, containing a string loaded from model/database when form state is "update record", ~or~ an empty string when form state is "new record".
  • El Forum
    Guest
  •  
#19
08-10-2010, 10:02 AM

[eluser]Josh K[/eluser]
[quote author="fMertins" date="1281466854"]I use HTML directly, something like this:
Code:
<input type="text" name="name" value="<?=$user->name;?>" />

The $user variable is an object created at controller and passed to view, containing a string loaded from model/database when form state is "update record", ~or~ an empty string when form state is "new record".[/quote]

Short tags are evil.

I prefer raw html to using the form helper.
  • El Forum
    Guest
  •  
#20
02-14-2013, 02:45 PM

[eluser]Unknown[/eluser]
Code:
<input type="text" value="<?php print set_value('username', @$username); ?>" name="username" />




Theme © iAndrew 2016 - Forum software by © MyBB