diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst index 68c7090408df..9a2d9f026abb 100644 --- a/user_guide_src/source/helpers/form_helper.rst +++ b/user_guide_src/source/helpers/form_helper.rst @@ -28,7 +28,7 @@ Escaping Field Values ********************* You may need to use HTML and characters such as quotes within your form -elements. In order to do that safely, you'll need to use +elements. In order to do that safely, you'll need to use the :doc:`common function <../general/common_functions>` :php:func:`esc()`. @@ -64,8 +64,8 @@ The following functions are available: Creates an opening form tag with a site URL **built from your** ``Config\App::$baseURL``. It will optionally let you add form attributes and hidden input fields, and - will always add the `accept-charset` attribute based on the charset value in your - config file. + will always add the `accept-charset` attribute based on the ``$charset`` property in your + **app/Config/App.php** config file. The main benefit of using this tag rather than hard coding your own HTML is that it permits your site to be more portable in the event your URLs ever change. @@ -103,16 +103,21 @@ The following functions are available:
- If :ref:`CSRF ` filter is turned on ``form_open()`` will generate CSRF field at the beginning of the form. You can specify ID of this field by passing csrf_id as one of the ``$attribute`` array: + If :ref:`CSRF ` filter is turned on ``form_open()`` will generate CSRF field at the beginning of the form. You can specify ID of this field by passing **csrf_id** as an element of the ``$attributes`` array: .. literalinclude:: form_helper/007.php will return:: - + - .. note:: To use auto-generation of CSRF field, you need to turn CSRF filter on to the form page. In most cases it is requested using the ``GET`` method. + .. note:: To use auto-generation of CSRF field, you need to turn on the :ref:`CSRF filter ` in **app/Config/Filters.php** file. + In most cases the form page is requested using the GET method. Normally, CSRF protection is required + for POST/PUT/DELETE/PATCH requests, but even for GET requests, CSRF filters must be enabled for pages that display Forms. + + If you enable CSRF filter with :ref:`filters-globals`, it will be active for all request types. + But if you enable CSRF filter with ``public array $methods = ['POST' => ['csrf']];``, the hidden CSRF field will not be added in GET requests. **Adding Hidden Input Fields** @@ -145,7 +150,7 @@ The following functions are available: :param string $name: Field name :param string $value: Field value - :returns: An HTML hidden input field tag + :returns: An HTML hidden input element :rtype: string Lets you generate hidden input fields. You can either submit a @@ -171,7 +176,7 @@ The following functions are available: :param string $value: Field value :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string :param string $type: The type of input field. i.e., 'text', 'email', 'number', etc. - :returns: An HTML text input field tag + :returns: An HTML text input element :rtype: string Lets you generate a standard text input field. You can minimally pass 
@@ -206,7 +211,7 @@ The following functions are available: :param array $data: Field attributes data :param string $value: Field value :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML password input field tag + :returns: An HTML password input element :rtype: string This function is identical in all respects to the :php:func:`form_input()` @@ -217,7 +222,7 @@ The following functions are available: :param array $data: Field attributes data :param string $value: Field value :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML file upload input field tag + :returns: An HTML file upload input element :rtype: string This function is identical in all respects to the :php:func:`form_input()` @@ -229,7 +234,7 @@ The following functions are available: :param array $data: Field attributes data :param string $value: Field value :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML textarea tag + :returns: An HTML textarea element :rtype: string This function is identical in all respects to the :php:func:`form_input()` @@ -244,7 +249,7 @@ The following functions are available: :param array $options: An associative array of options to be listed :param array $selected: List of fields to mark with the *selected* attribute :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML dropdown select field tag + :returns: An HTML select (dropdown) element :rtype: string Lets you create a standard drop-down field. The first parameter will 
@@ -278,7 +283,7 @@ The following functions are available: :param array $options: An associative array of options to be listed :param array $selected: List of fields to mark with the *selected* attribute :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML dropdown multiselect field tag + :returns: An HTML select element with multiple attribute :rtype: string Lets you create a standard multiselect field. The first parameter will @@ -326,7 +331,7 @@ The following functions are available: :param string $value: Field value :param bool $checked: Whether to mark the checkbox as being *checked* :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML checkbox input tag + :returns: An HTML checkbox input element :rtype: string Lets you generate a checkbox field. Simple example: @@ -357,7 +362,7 @@ The following functions are available: :param string $value: Field value :param bool $checked: Whether to mark the radio button as being *checked* :param mixed $extra: Extra attributes to be added to the tag either as an array or a literal string - :returns: An HTML radio input tag + :returns: An HTML radio input element :rtype: string This function is identical in all respects to the :php:func:`form_checkbox()` @@ -368,7 +373,7 @@ The following functions are available: :param string $label_text: Text to put in the
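Review bot: In the form_open() description hunk (@@ -64,8 +64,8 @@), `accept-charset` is still written with single backticks while the text added right after it uses double backticks for ``$charset``. Since the line is being rewritten anyway, change it to ``accept-charset`` so both names render as literals.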
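Review bot: In the rewritten note of the CSRF hunk (@@ -103,16 +103,21 @@), the closing sentence says that with ``public array $methods = ['POST' => ['csrf']];`` the hidden CSRF field will not be added in GET requests, but it does not tell the reader what to do about it. The sentence before it already says the filter must be enabled for pages that display forms, so state outright that a POST-only ``$methods`` entry is not sufficient for form_open() auto-generation and that the filter also has to cover the GET request for the form page, for example via :ref:`filters-globals`. Wording points in the same note: "in **app/Config/Filters.php** file" needs "the", "Forms" should be lowercase, "CSRF filters must be enabled" should be singular like the rest of the note, and GET has lost the ``GET`` literal markup that the removed line had.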
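Review bot: In the form_multiselect() hunk (@@ -278,7 +283,7 @@), the new :returns: text "An HTML select element with multiple attribute" is missing an article and leaves the attribute name unmarked. Suggest "An HTML select element with the ``multiple`` attribute" (or *multiple*, to match how *selected* is written in the :param: lines just above), so it reads consistently with the other "An HTML ... element" return descriptions in this patch.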