diff options
Diffstat (limited to 'railties/guides/source/form_helpers.textile')
-rw-r--r-- | railties/guides/source/form_helpers.textile | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile index a696e4f8ae..8934667c5e 100644 --- a/railties/guides/source/form_helpers.textile +++ b/railties/guides/source/form_helpers.textile @@ -39,7 +39,7 @@ When called without arguments like this, it creates a +<form>+ tag which, </form> </html> -Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#_cross_site_reference_forgery_csrf. +Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#cross-site-request-forgery-csrf. NOTE: Throughout this guide, the +div+ with the hidden input elements will be excluded from code samples for brevity. @@ -169,11 +169,11 @@ Output: <textarea id="message" name="message" cols="24" rows="6">Hi, nice site</textarea> <input id="password" name="password" type="password" /> <input id="parent_id" name="parent_id" type="hidden" value="5" /> -<input id="user_name" name="user[name]" size="30" type="search" /> -<input id="user_phone" name="user[phone]" size="30" type="tel" /> +<input id="user_name" name="user[name]" type="search" /> +<input id="user_phone" name="user[phone]" type="tel" /> <input id="user_born_on" name="user[born_on]" type="date" /> -<input id="user_homepage" size="30" name="user[homepage]" type="url" /> -<input id="user_address" size="30" name="user[address]" type="email" /> +<input id="user_homepage" name="user[homepage]" type="url" /> +<input id="user_address" name="user[address]" type="email" /> </html> Hidden inputs are not shown to the user but instead hold data like any textual input. Values inside them can be changed with JavaScript. @@ -239,7 +239,7 @@ The resulting HTML is: <html> <form accept-charset="UTF-8" action="/articles/create" method="post" class="nifty_form"> - <input id="article_title" name="article[title]" size="30" type="text" /> + <input id="article_title" name="article[title]" type="text" /> <textarea id="article_body" name="article[body]" cols="60" rows="12"></textarea> <input name="commit" type="submit" value="Create" /> </form> @@ -264,8 +264,8 @@ which produces the following output: <html> <form accept-charset="UTF-8" action="/people/create" class="new_person" id="new_person" method="post"> - <input id="person_name" name="person[name]" size="30" type="text" /> - <input id="contact_detail_phone_number" name="contact_detail[phone_number]" size="30" type="text" /> + <input id="person_name" name="person[name]" type="text" /> + <input id="contact_detail_phone_number" name="contact_detail[phone_number]" type="text" /> </form> </html> @@ -428,7 +428,7 @@ As with other helpers, if you were to use the +select+ helper on a form builder <%= f.select(:city_id, ...) %> </erb> -WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#_mass_assignment. +WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#mass-assignment. h4. Option Tags from a Collection of Arbitrary Objects @@ -714,9 +714,9 @@ Assuming the person had two addresses, with ids 23 and 45 this would create outp <html> <form accept-charset="UTF-8" action="/people/1" class="edit_person" id="edit_person_1" method="post"> - <input id="person_name" name="person[name]" size="30" type="text" /> - <input id="person_address_23_city" name="person[address][23][city]" size="30" type="text" /> - <input id="person_address_45_city" name="person[address][45][city]" size="30" type="text" /> + <input id="person_name" name="person[name]" type="text" /> + <input id="person_address_23_city" name="person[address][23][city]" type="text" /> + <input id="person_address_45_city" name="person[address][45][city]" type="text" /> </form> </html> @@ -739,7 +739,7 @@ To create more intricate nestings, you can specify the first part of the input n will create inputs like <html> -<input id="person_address_primary_1_city" name="person[address][primary][1][city]" size="30" type="text" value="bologna" /> +<input id="person_address_primary_1_city" name="person[address][primary][1][city]" type="text" value="bologna" /> </html> As a general rule the final input name is the concatenation of the name given to +fields_for+/+form_for+, the index value and the name of the attribute. You can also pass an +:index+ option directly to helpers such as +text_field+, but it is usually less repetitive to specify this at the form builder level rather than on individual input controls. |