Planet CakePHP

This is an addition to the original updated article The CakePHP Framework: Your First Bite (updated for CakePHP 1.2.x.x)
In this post we will be adding the following features into the little notes script:

• add rules to the notes input form fields for fields that are mandatory
• use an other than a default layout for your notes application
• clean the input of your notes form to prevent XSS

Happy coding!

Tutorial’s details
Title: The CakePHP Framework: Your 2nd Bite (for CakePHP 1.2.x.x)
CakePHP version: 1.2.x.x (download latest version)
Parts: part 1 | (part 2)
Link to this post: http://www.missphp.com/blog/the-cakephp-framework-your-first-bite-versio...
Add form rules
Some forms need a minimum amount of information from a user. How to accomplish that? Add rules to your form elements.
These rules check if a user has provided the desired type of information. This is how we add rules to our field and textarea of our form: within the model using CakePHP’s validation class.
Open the file /app/model/note.php and add the following code to this model on a new line under line number 4. More information about how to apply the validation rules can be found in CakePHP’s validation class. The list of all available rules can be found in the validation API under “Method Summary”. But I hope this example is self explanatory enough for this tutorial.
For my notes I have the following rules that need to be applied:

• Title field should be at least 8 characters and max 50 characters long
• The text area should have at least 10 characters and max 1000 characters
• If the user filling in the form hasn’t provided the sufficient info, then display a message to inform the user

We will create an array for each form element. Within this array we list the rule(s) and the error message we want to display.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
public $validate = array(
'title' => array( //Title form field
'minLength' => array( //Name of this array for this rule can be anything you want to name it
'rule' => array('minLength', '8'),
'message' => 'The minimum length for a title is 8 characters'
),
'maxLength' => array(
'rule' => array('maxLength', 50),
'message' => 'The maximum length for the title 50 characters. Make is short and descriptive.'
),
),
'body' => array(//Text area of the form
'minlength' => array(
'rule' => array('minLength', '10'),
'message' => 'The minimum length for the body is 10 and the maximum is 1000 characters'
),
'maxLength' => array(
'rule' => array('maxLength', 1000),
'message' => 'INFORMATION OVERLOAD! The maximum length for the body 1000 characters'
),
),
);

Create your own layout for a controller
Using a different layout for one of your controllers is quite easy. You will need a different HTML layout and add 1 line of code to your controller. Lets first make a layout. The layout we are going to make here doesn’t much differ from CakePHP’s layout. But it will give you a sense of how to create your own layout.
Create the following file for your layout: /app/views/layout/notes_layout.ctp. The file name is important as we will be adding the name into our controller to let CakePHP know which layout is used for a controller.
Open it and add the following code. For more information about the structure of the layout visit CakePHP’s layout’s article

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

<?php echo $title_for_layout?> by MissYeh - Updated version of The CakePHP Framework: Your First Bite

<?php echo $scripts_for_layout ?>
<?php echo $html->css('cake.generic'); ?>

CakePHP Notes Tutorial - by MissYeh - Link to tutorial Updated version of The CakePHP Framework: Your First Bite
 

<?php echo $html->link('Notes home', '/notes/') ?>
<?php echo $html->link('Add a Note', '/notes/add') ?>

<?php $session->flash(); ?>
<?php echo $content_for_layout ?>

Now that we have a layout lets use this one in our notes controller. Add the controller variable in your notes controller.

1
public $layout = 'notes_layout'; //The name of the file without .ctp at the end

Clean form input
Cleaning the input is easy with frameworks. CakePHP’s sanitization class (API) gives you all that you want.
First we have to import the Sanitize class. In this example I use Sanitize::paranoid() and Sanitize::html(). You can use h() instead of the previous, which is just a htmlspecialchars wrapper.
Apply the desired sanitization functions where needed. You may want to apply this every time data is inserted into the database and when you retrieve data out of the database. The latter may seem redundant but it is a precaution just in case you forgot to sanitize data somewhere when inserting it into the database.
The final controller
This is the full controller after applying the sanitization rules and using the new layout.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
App::import('Sanitize'); //Must import first, otherwise the sanitization functions can not be used
 
class NotesController extends AppController
{
public $name = 'Notes';
public $layout = 'notes_layout';
 
public function index()
{
$this->set('notes', $this->Note->findAll());
}
 
public function view($id)
{
$this->Note->id = $id;
$this->set('data', Sanitize::paranoid($this->Note->read(), array('encode' => false))); //Sanitization function
}
 
public function add()
{
$data = Sanitize::html($this->data['Note']); //Sanitization function
if(!empty($data))
{
if($this->Note->save($data))
{
$this->Session->setFlash('Your note has been saved!');
$this->redirect('/notes');
}else{
$this->set('errors', $this->Note->invalidFields());
$this->Session->setFlash('Nothing saved, sowwy. Please correct the errors');
}
}
}
 
public function edit($id = null)
{
$data = Sanitize::html($this->data['Note']); //Sanitization function
if (empty($data))
{
$this->Note->id = $id;
$this->data = $this->Note->read();
}
else
{
if($this->Note->save($data))
{
$this->Session->setFlash('Note Saved!');
$this->redirect('/notes');
 
}
else
{
$this->set('errors', $this->Note->invalidFields());
$this->Session->setFlash('Nothing saved, sowwy. Please correct the errors');
}
}
}
 
public function delete($id)
{
if ($this->Note->del($id))
{
$this->Session->setFlash('The note with id: '.$id.' has been deleted.');
$this->redirect('/notes');
}
}

That’s all for now. It all seems quite straight forward, isn’t it?
Do let me know if you bump into errors.. : ) and I’d like it if you let me know if you liked or used this article.