f:form¶
The f:form
ViewHelper looks pretty mighty, when you look at how many parameters it takes. But once you realize that 11
of them generate the form target page, you’ll see that there are only a few others remaining. The big advantages of this
ViewHelper are security and a lighter workload. We’ll take a look at these in the following examples.
Properties¶
All the universal tag attributes
Global properties of this ViewHelper¶
enctype¶
- Variable type
- String
- Description
- The format with which the form data should be encoded and submitted.
- Default value
- NULL
- Mandatory
- No
method¶
- Variable type
- String
- Description
- Transfer method - GET or POST.
- Default value
- NULL
- Mandatory
- No
name¶
- Variable type
- String
- Description
- The HTML ‘name’ attribute of the form.
- Default value
- NULL
- Mandatory
- No
onreset¶
- Variable type
- String
- Description
- The JavaScript to be executed when the reset button in the form is clicked.
- Default value
- NULL
- Mandatory
- No
onsubmit¶
- Variable type
- String
- Description
- The JavaScript to be executed when the submit button in the form is clicked.
- Default value
- NULL
- Mandatory
- No
Exclusive properties of this ViewHelper¶
action¶
- Variable type
- String
- Description
- The action method to be called when the form is submitted.
- Default value
- NULL
- Mandatory
- Yes
arguments¶
- Variable type
- Array
- Description
- Additional variables should be sent with each form submission.
- Default value
- Empty array
- Mandatory
- Yes
controller¶
- Variable type
- String
- Description
- If the action method isn’t in the same Controller, then you’ll need to specify the appropriate Controller.
- Default value
- NULL
- Mandatory
- Yes
extensionName¶
- Variable type
- String
- Description
- If the form submission should be handled by a different extension, this property contains the name of
- this extension, without the tx_ prefix and without underline characters.
- Default value
- NULL
- Mandatory
- Yes
pluginName¶
- Variable type
- String
- Description
- If the form submission should be handled by a different plugin, this property should contain the plugin name.
- Default value
- NULL
- Mandatory
- Yes
pageUid¶
- Variable type
- Integer
- Description
- Define the page UID if the form submission should be sent to a different page.
- Default value
- NULL
- Mandatory
- Yes
object¶
- Variable type
- Mixed
- Description
- Contains an object with properties which mirror the input fields in the form.
- Default value
- NULL
- Mandatory
- Yes
pageType¶
- Variable type
- Integer
- Description
- Use the pageType property to define a non-standard page type to handle the form submission. For example,
- where the form submission takes place via AJAX.
- Default value
- 0
- Mandatory
- Yes
noCache¶
- Variable type
- Boolean
- Description
- Can be used to completely deactivate the page cache on the target page.
- Default value
- FALSE
- Mandatory
- Yes
noCacheHash¶
- Variable type
- Boolean
- Description
- If this property is activated, the link to the target page won’t contain a cHash parameter.
- Default value
- FALSE
- Mandatory
- Yes
section¶
- Variable type
- String
- Description
- Define an anchor on the target page, if the target page contains a large amount of content. The browser
- will scroll to the indicated anchor.
- Default value
- Empty string
- Mandatory
- Yes
format¶
- Variable type
- String
- Description
- The required data format to be delivered on the target page - for example, “xml”. This property only takes
- effect if ‘actionUri’ isn’t set.
- Default value
- Empty string
- Mandatory
- Yes
additionalParams¶
- Variable type
- Array
- Description
- Additional variables for the target page. Contrary to ‘arguments’, these variables won’t be prefixed
- with the extension name. This property only takes effect if ‘actionUri’ isn’t set.
- Default value
- Empty array
- Mandatory
- Yes
absolute¶
- Variable type
- Boolean
- Description
- Upon activation, the domain name and full page path will be prefixed to the form action. This property
- only takes effect if ‘actionUri’ isn’t set.
- Default value
- FALSE
- Mandatory
- Yes
addQueryString¶
- Variable type
- Boolean
- Description
- This property defines whether query parameters on the page containing the form will be passed on to the
- target page. This property only takes effect if ‘actionUri’ isn’t set.
- Default value
- FALSE
- Mandatory
- Yes
argumentsToBeExcludedFromQueryString¶
- Variable type
- Array
- Description
- If ‘addQueryString’ is activated, you can use this property to exclude specific query parameters. This
- property only takes effect if ‘actionUri’ isn’t set.
- Default value
- Empty array
- Mandatory
- Yes
fieldNamePrefix¶
- Variable type
- String
- Description
- Use this property if you want to use an alternative string to prefix the form fields. Mainly for use
- if the form submission is handled by a different extension.
- Default value
- NULL
- Mandatory
- Yes
actionUri¶
- Variable type
- String
- Description
- Define a specific form action URL. Using this option disables many of the other properties (above).
- Default value
- NULL
- Mandatory
- Yes
objectName¶
- Variable type
- String
- Description
- An object (Model) name, into which the submitted form data will be saved. This allows the data to be
- validated once in the Model, instead of in every individual action method.
- Default value
- NULL
- Mandatory
- Yes
Example¶
<f:form object="{feUser}" objectName="newFeUser">
<f:form.textarea property="firstName" rows="5" cols="50" />
</f:form>
…will create (approximately) the following output in the form page HTML.
<form action="/typo3/index.php?id=6&tx__%5Bcontroller%5D=Standard&cHash=d1469ddb628871564f3257920c1f6ee8" method="post">
<div style="display: none">
<input type="hidden" name="__referrer[extensionName]" value="" />
<input type="hidden" name="__referrer[controllerName]" value="Standard" />
<input type="hidden" name="__referrer[actionName]" value="index" />
<input type="hidden" name="__hmac" value="a:2:{s:9:"newFeUser";a:1:{s:9:"firstName";i:1;}s:4:"tx__";a:1:{s:10:"controller";i:1;}}ff5ff9b62f7b5c49a696d3f7b1009991853d6533" />
</div>
<textarea rows="5" cols="50" name="newFeUser[firstName]"></textarea>
</form>
If you take a close look at this generated code, you can see the security elements. Fluid builds a hidden section within the form, which contains a few values: amongst them, an ‘_hmac’ value, which contains a reference to all allowed form fields. This means that in the event of a website attack, in which specific fields are added or omitted, Extbase can compare the form data with the _hmac value to see that the form submission is invalid, and stop processing the request immediately with an error message.
In the earlier example, we’ve set the object name “newFeUser”. As you can see, this value is prepended to each field. The advantage of this is that all of you form fields are bundled together into an array for the target page. Your action can take this array and port it into a Model object, during which the array entries are validated. (Assuming that the Model contains the appropriate validation definitions.) The form data will only be accepted into the Model if it can be validated, after which a simple, single command could store the data in the database.