Commit a61d9dcc by Alexander Makarov

started view docs

parent 90ddea11
...@@ -5,6 +5,11 @@ This template is for large projects developed in teams where backend is divided ...@@ -5,6 +5,11 @@ This template is for large projects developed in teams where backend is divided
to multiple servers etc. This application template also goes a bit further regarding features and provides essential to multiple servers etc. This application template also goes a bit further regarding features and provides essential
database, signup and password restore out of the box. database, signup and password restore out of the box.
Installation
------------
TBD
Directory structure Directory structure
------------------- -------------------
......
...@@ -7,6 +7,11 @@ The application has four pages: the homepage, the about page, the contact page a ...@@ -7,6 +7,11 @@ The application has four pages: the homepage, the about page, the contact page a
The contact page displays a contact form that users can fill in to submit their inquiries to the webmaster, The contact page displays a contact form that users can fill in to submit their inquiries to the webmaster,
and the login page allows users to be authenticated before accessing privileged contents. and the login page allows users to be authenticated before accessing privileged contents.
Installation
------------
TBD
Directory structure Directory structure
------------------- -------------------
......
...@@ -5,7 +5,7 @@ Yii is a high-performance, component-based PHP framework for developing ...@@ -5,7 +5,7 @@ Yii is a high-performance, component-based PHP framework for developing
large-scale Web applications rapidly. It enables maximum reusability in Web large-scale Web applications rapidly. It enables maximum reusability in Web
programming and can significantly accelerate your Web application development programming and can significantly accelerate your Web application development
process. The name Yii (pronounced `Yee` or `[ji:]`) is an acronym for process. The name Yii (pronounced `Yee` or `[ji:]`) is an acronym for
"**Yes It Is!**". **Yes It Is!**.
Requirements Requirements
......
View
====
View is an important part of MVC and is reponsible for how data is presented to the end user.
Basics
------
Yii uses PHP in view templates by default so in a web application a view typically contains some HTML, `echo`, `foreach`
and such basic constructs. It may also contain widget calls. Using complex code in views is considered a bad practice.
Such code should be moved to controller or widgets.
View is typically called from controller action like the following:
```php
public function actionIndex()
{
return $this->render('index', array(
'username' => 'samdark',
));
}
```
First argument is the view name. In context of the controller Yii will search for its views in `views/site/` where `site`
is controller ID. For details on how view name is resolved please refer to [yii\base\Controller::render] method.
Second argument is data array that contains key-value pairs. Value is available in the view as a variable named the same
as the corresponding key.
So the view for the action above should be in `views/site/index.php` and can be something like:
```php
<p>Hello, <?php echo $username?>!</p>
```
Intead of just scalar values you can pass anything else such as arrays or objects.
Layout
------
Partials
--------
Widgets
-------
Security
--------
One of the main security principles is to always escape output. If violated it leads to script execution and,
most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically
perform actions etc.
Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any
markup. You can deal with it like the following:
```php
<?php
use yii\helpers\Html;
?>
<div class="username">
<?php echo Html::encode($user->name); ?>
</div>
```
When you want to render HTML it becomes complex so we're delegating the task to excellent
[HTMLPurifier](http://htmlpurifier.org/) library. In order to use it you need to modify your `composer.json` first by
adding the following to `require`:
```javascript
"ezyang/htmlpurifier": "v4.5.0"
```
After it's done run `php composer.phar install` and wait till package is downloaded. Now everything is prepared to use
Yii's HtmlPurifier helper:
```php
<?php
use yii\helpers\HtmlPurifier;
?>
<div class="post">
<?php echo HtmlPurifier::process($post->text); ?>
</div>
```
Note that besides HTMLPurifier does excellent job making output safe it's not very fast so consider
[caching result](caching.md).
Alternative template languages
------------------------------
There are offlicial extensions for [Smarty](http://www.smarty.net/) and [Twig](http://twig.sensiolabs.org/). In order
to learn more refer to [Using template engines](template.md) section of the guide.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment