Error202
/
yii2-bootstrap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Yii2 Bootstrap 3
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2235 Commits
1 Branch
15 Tags
11 MiB
 
 
Tree: 65352e500f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '65352e500f'
${ noResults }
yii2-bootstrap/docs/guide/view.md

2.7 KiB
Raw Blame History

View

View is an important part of MVC and is reponsible for how data is presented to the end user.

Basics

Yii uses PHP in view templates by default so in a web application a view typically contains some HTML, echo, foreach and such basic constructs. It may also contain widget calls. Using complex code in views is considered a bad practice. Such code should be moved to controller or widgets.

View is typically called from controller action like the following:

public function actionIndex()
{
	return $this->render('index', array(
		'username' => 'samdark',
	));
}

First argument is the view name. In context of the controller Yii will search for its views in views/site/ where site is controller ID. For details on how view name is resolved please refer to [yii\base\Controller::render] method. Second argument is data array that contains key-value pairs. Value is available in the view as a variable named the same as the corresponding key.

So the view for the action above should be in views/site/index.php and can be something like:

<p>Hello, <?php echo $username?>!</p>

Intead of just scalar values you can pass anything else such as arrays or objects.

Layout

Partials

Widgets

Security

One of the main security principles is to always escape output. If violated it leads to script execution and, most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically perform actions etc.

Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any markup. You can deal with it like the following:

<?php
use yii\helpers\Html;
?>

<div class="username">
	<?php echo Html::encode($user->name); ?>
</div>

When you want to render HTML it becomes complex so we're delegating the task to excellent HTMLPurifier library. In order to use it you need to modify your composer.json first by adding the following to require:

"ezyang/htmlpurifier": "v4.5.0"

After it's done run php composer.phar install and wait till package is downloaded. Now everything is prepared to use Yii's HtmlPurifier helper:

<?php
use yii\helpers\HtmlPurifier;
?>

<div class="post">
	<?php echo HtmlPurifier::process($post->text); ?>
</div>

Note that besides HTMLPurifier does excellent job making output safe it's not very fast so consider caching result.

Alternative template languages

There are offlicial extensions for Smarty and Twig. In order to learn more refer to Using template engines section of the guide.