Commit a61d9dcc by Alexander Makarov

started view docs

parent 90ddea11
......@@ -5,6 +5,11 @@ This template is for large projects developed in teams where backend is divided
to multiple servers etc. This application template also goes a bit further regarding features and provides essential
database, signup and password restore out of the box.
Installation
------------
TBD
Directory structure
-------------------
......
......@@ -7,6 +7,11 @@ The application has four pages: the homepage, the about page, the contact page a
The contact page displays a contact form that users can fill in to submit their inquiries to the webmaster,
and the login page allows users to be authenticated before accessing privileged contents.
Installation
------------
TBD
Directory structure
-------------------
......
......@@ -5,7 +5,7 @@ Yii is a high-performance, component-based PHP framework for developing
large-scale Web applications rapidly. It enables maximum reusability in Web
programming and can significantly accelerate your Web application development
process. The name Yii (pronounced `Yee` or `[ji:]`) is an acronym for
"**Yes It Is!**".
**Yes It Is!**.
Requirements
......
View
====
View is an important part of MVC and is reponsible for how data is presented to the end user.
Basics
------
Yii uses PHP in view templates by default so in a web application a view typically contains some HTML, `echo`, `foreach`
and such basic constructs. It may also contain widget calls. Using complex code in views is considered a bad practice.
Such code should be moved to controller or widgets.
View is typically called from controller action like the following:
```php
public function actionIndex()
{
return $this->render('index', array(
'username' => 'samdark',
));
}
```
First argument is the view name. In context of the controller Yii will search for its views in `views/site/` where `site`
is controller ID. For details on how view name is resolved please refer to [yii\base\Controller::render] method.
Second argument is data array that contains key-value pairs. Value is available in the view as a variable named the same
as the corresponding key.
So the view for the action above should be in `views/site/index.php` and can be something like:
```php
<p>Hello, <?php echo $username?>!</p>
```
Intead of just scalar values you can pass anything else such as arrays or objects.
Layout
------
Partials
--------
Widgets
-------
Security
--------
One of the main security principles is to always escape output. If violated it leads to script execution and,
most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically
perform actions etc.
Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any
markup. You can deal with it like the following:
```php
<?php
use yii\helpers\Html;
?>
<div class="username">
<?php echo Html::encode($user->name); ?>
</div>
```
When you want to render HTML it becomes complex so we're delegating the task to excellent
[HTMLPurifier](http://htmlpurifier.org/) library. In order to use it you need to modify your `composer.json` first by
adding the following to `require`:
```javascript
"ezyang/htmlpurifier": "v4.5.0"
```
After it's done run `php composer.phar install` and wait till package is downloaded. Now everything is prepared to use
Yii's HtmlPurifier helper:
```php
<?php
use yii\helpers\HtmlPurifier;
?>
<div class="post">
<?php echo HtmlPurifier::process($post->text); ?>
</div>
```
Note that besides HTMLPurifier does excellent job making output safe it's not very fast so consider
[caching result](caching.md).
Alternative template languages
------------------------------
There are offlicial extensions for [Smarty](http://www.smarty.net/) and [Twig](http://twig.sensiolabs.org/). In order
to learn more refer to [Using template engines](template.md) section of the guide.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment