Browse Source

started view docs

tags/2.0.0-beta
Alexander Makarov 12 years ago
parent
commit
a61d9dcc80
  1. 5
      docs/guide/apps-advanced.md
  2. 5
      docs/guide/apps-basic.md
  3. 2
      docs/guide/overview.md
  4. 95
      docs/guide/view.md

5
docs/guide/apps-advanced.md

@ -5,6 +5,11 @@ This template is for large projects developed in teams where backend is divided
to multiple servers etc. This application template also goes a bit further regarding features and provides essential
database, signup and password restore out of the box.
Installation
------------
TBD
Directory structure
-------------------

5
docs/guide/apps-basic.md

@ -7,6 +7,11 @@ The application has four pages: the homepage, the about page, the contact page a
The contact page displays a contact form that users can fill in to submit their inquiries to the webmaster,
and the login page allows users to be authenticated before accessing privileged contents.
Installation
------------
TBD
Directory structure
-------------------

2
docs/guide/overview.md

@ -5,7 +5,7 @@ Yii is a high-performance, component-based PHP framework for developing
large-scale Web applications rapidly. It enables maximum reusability in Web
programming and can significantly accelerate your Web application development
process. The name Yii (pronounced `Yee` or `[ji:]`) is an acronym for
"**Yes It Is!**".
**Yes It Is!**.
Requirements

95
docs/guide/view.md

@ -0,0 +1,95 @@
View
====
View is an important part of MVC and is reponsible for how data is presented to the end user.
Basics
------
Yii uses PHP in view templates by default so in a web application a view typically contains some HTML, `echo`, `foreach`
and such basic constructs. It may also contain widget calls. Using complex code in views is considered a bad practice.
Such code should be moved to controller or widgets.
View is typically called from controller action like the following:
```php
public function actionIndex()
{
return $this->render('index', array(
'username' => 'samdark',
));
}
```
First argument is the view name. In context of the controller Yii will search for its views in `views/site/` where `site`
is controller ID. For details on how view name is resolved please refer to [yii\base\Controller::render] method.
Second argument is data array that contains key-value pairs. Value is available in the view as a variable named the same
as the corresponding key.
So the view for the action above should be in `views/site/index.php` and can be something like:
```php
<p>Hello, <?php echo $username?>!</p>
```
Intead of just scalar values you can pass anything else such as arrays or objects.
Layout
------
Partials
--------
Widgets
-------
Security
--------
One of the main security principles is to always escape output. If violated it leads to script execution and,
most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically
perform actions etc.
Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any
markup. You can deal with it like the following:
```php
<?php
use yii\helpers\Html;
?>
<div class="username">
<?php echo Html::encode($user->name); ?>
</div>
```
When you want to render HTML it becomes complex so we're delegating the task to excellent
[HTMLPurifier](http://htmlpurifier.org/) library. In order to use it you need to modify your `composer.json` first by
adding the following to `require`:
```javascript
"ezyang/htmlpurifier": "v4.5.0"
```
After it's done run `php composer.phar install` and wait till package is downloaded. Now everything is prepared to use
Yii's HtmlPurifier helper:
```php
<?php
use yii\helpers\HtmlPurifier;
?>
<div class="post">
<?php echo HtmlPurifier::process($post->text); ?>
</div>
```
Note that besides HTMLPurifier does excellent job making output safe it's not very fast so consider
[caching result](caching.md).
Alternative template languages
------------------------------
There are offlicial extensions for [Smarty](http://www.smarty.net/) and [Twig](http://twig.sensiolabs.org/). In order
to learn more refer to [Using template engines](template.md) section of the guide.
Loading…
Cancel
Save