Building Forms
Contents
- Opening A Form
- CSRF Protection
- Labels
- Text, Text Area, Password & Hidden Fields
- File Input
- Checkboxes and Radio Buttons
- Drop-Down Lists
- Buttons
- Custom Macros
Note: All input data displayed in form elements is filtered through the HTML::entities method.
Opening A Form
Opening a form to POST to the current URL:
echo Form::open();
Opening a form using a given URI and request method:
echo Form::open('user/profile', 'PUT');
Opening a Form that POSTS to a HTTPS URL:
echo Form::open_secure('user/profile');
Specifying extra HTML attributes on a form open tag:
echo Form::open('user/profile', 'POST', array('class' => 'awesome'));
Opening a form that accepts file uploads:
echo Form::open_for_files('users/profile');
Opening a form that accepts file uploads and uses HTTPS:
echo Form::open_secure_for_files('users/profile');
Closing a form:
echo Form::close();
CSRF Protection
Laravel provides an easy method of protecting your application from cross-site request forgeries. First, a random token is placed in your user's session. Don't sweat it, this is done automatically. Next, use the token method to generate a hidden form input field containing the random token on your form:
Generating a hidden field containing the session's CSRF token:
echo Form::token();
Attaching the CSRF filter to a route:
Route::post('profile', array('before' => 'csrf', function() { // }));
Retrieving the CSRF token string:
$token = Session::token();
Note: You must specify a session driver before using the Laravel CSRF protection facilities.
Further Reading:
Labels
Generating a label element:
echo Form::label('email', 'E-Mail Address');
Specifying extra HTML attributes for a label:
echo Form::label('email', 'E-Mail Address', array('class' => 'awesome'));
Turning off HTML escaping of label contents:
echo Form::label('confirm', 'Are you <strong>sure</strong> you want to proceed?', null, false);
You can pass false
as the optional fourth argument to disable automatic HTML escaping of the label content.
Note: After creating a label, any form element you create with a name matching the label name will automatically receive an ID matching the label name as well.
Text, Text Area, Password & Hidden Fields
Generate a text input element:
echo Form::text('username');
Specifying a default value for a text input element:
echo Form::text('email', 'example@gmail.com');
Note: The hidden and textarea methods have the same signature as the text method. You just learned three methods for the price of one!
Generating a password input element:
echo Form::password('password');
Checkboxes and Radio Buttons
Generating a checkbox input element:
echo Form::checkbox('name', 'value');
Generating a checkbox that is checked by default:
echo Form::checkbox('name', 'value', true);
Note: The radio method has the same signature as the checkbox method. Two for one!
File Input
Generate a file input element:
echo Form::file('image');
Drop-Down Lists
Generating a drop-down list from an array of items:
echo Form::select('size', array('L' => 'Large', 'S' => 'Small'));
Generating a drop-down list with an item selected by default:
echo Form::select('size', array('L' => 'Large', 'S' => 'Small'), 'S');
Buttons
Generating a submit button element:
echo Form::submit('Click Me!');
Note: Need to create a button element? Try the button method. It has the same signature as submit.
Custom Macros
It's easy to define your own custom Form class helpers called "macros". Here's how it works. First, simply register the macro with a given name and a Closure:
Registering a Form macro:
Form::macro('my_field', function() { return '<input type="awesome">'; });
Now you can call your macro using its name:
Calling a custom Form macro:
echo Form::my_field();