Form Helper
The Form Helper file contains functions that assist in working with forms.
Configuration
Since v4.3.0, void HTML elements (e.g. <input>
) in form_helper
functions have been changed to be HTML5-compatible by default and if you need to be compatible with XHTML, you must set the $html5
property in app/Config/DocTypes.php to false
.
Loading this Helper
This helper is loaded using the following code:
<?php
helper('form');
Escaping Field Values
You may need to use HTML and characters such as quotes within your form
elements. In order to do that safely, you’ll need to use the
common function
esc()
.
Consider the following example:
<?php
$string = 'Here is a string containing "quoted" text.';
?>
<input type="text" name="myfield" value="<?= $string ?>">
Since the above string contains a set of quotes, it will cause the form
to break. The esc()
function converts HTML special
characters so that it can be used safely:
<input type="text" name="myfield" value="<?= esc($string) ?>">
Note
If you use any of the form helper functions listed on this page, and you pass values as an associative array, the form values will be automatically escaped, so there is no need to call this function. Use it only if you are creating your own form elements, which you would pass as strings.
Available Functions
The following functions are available:
- form_open([$action = ''[, $attributes = ''[, $hidden = []]]])
- Parameters:
$action (
string
) – Form action/target URI string$attributes (
mixed
) – HTML attributes, as an array or escaped string$hidden (
array
) – An array of hidden fields’ definitions
- Returns:
An HTML form opening tag
- Return type:
string
Creates an opening form tag with a site URL built from your
Config\App::$baseURL
. It will optionally let you add form attributes and hidden input fields, and will always add the accept-charset attribute based on the$charset
property in your app/Config/App.php config file.The main benefit of using this tag rather than hard coding your own HTML is that it permits your site to be more portable in the event your URLs ever change.
Here’s a simple example:
<?php echo form_open('email/send');
The above example would create a form that points to your site URL plus the “email/send” URI segments, like this:
<form action="http://example.com/index.php/email/send" method="post" accept-charset="utf-8">
You can also add
{locale}
like the following:<?php echo form_open('{locale}/email/send');
The above example would create a form that points to your site URL plus the current request locale with “email/send” URI segments, like this:
<form action="http://example.com/index.php/en/email/send" method="post" accept-charset="utf-8">
Adding Attributes
Attributes can be added by passing an associative array to the second parameter, like this:
<?php $attributes = ['class' => 'email', 'id' => 'myform']; echo form_open('email/send', $attributes);
Alternatively, you can specify the second parameter as a string:
<?php echo form_open('email/send', 'class="email" id="myform"');
The above examples would create a form similar to this:
<form action="http://example.com/index.php/email/send" class="email" id="myform" method="post" accept-charset="utf-8">
If CSRF filter is turned on
form_open()
will generate CSRF field at the beginning of the form. You can specify ID of this field by passing csrf_id as an element of the$attributes
array:<?php echo form_open('/u/sign-up', ['csrf_id' => 'my-id']);
will return:
<form action="http://example.com/index.php/u/sign-up" method="post" accept-charset="utf-8"> <input type="hidden" id="my-id" name="csrf_test_name" value="964ede6e0ae8a680f7b8eab69136717d">
Note
To use auto-generation of CSRF field, you need to turn on the CSRF filter in app/Config/Filters.php file. In most cases the form page is requested using the GET method. Normally, CSRF protection is required for POST/PUT/DELETE/PATCH requests, but even for GET requests, CSRF filters must be enabled for pages that display Forms.
If you enable CSRF filter with $globals, it will be active for all request types. But if you enable CSRF filter with
public array $methods = ['POST' => ['csrf']];
, the hidden CSRF field will not be added in GET requests.Adding Hidden Input Fields
Hidden fields can be added by passing an associative array to the third parameter, like this:
<?php $hidden = ['username' => 'Joe', 'member_id' => '234']; echo form_open('email/send', '', $hidden);
You can skip the second parameter by passing any false value to it.
The above example would create a form similar to this:
<form action="http://example.com/index.php/email/send" method="post" accept-charset="utf-8"> <input type="hidden" name="username" value="Joe"> <input type="hidden" name="member_id" value="234">
- form_open_multipart([$action = ''[, $attributes = ''[, $hidden = []]]])
- Parameters:
$action (
string
) – Form action/target URI string$attributes (
mixed
) – HTML attributes, as an array or escaped string$hidden (
array
) – An array of hidden fields’ definitions
- Returns:
An HTML multipart form opening tag
- Return type:
string
This function is identical to
form_open()
above, except that it adds a multipart attribute, which is necessary if you would like to use the form to upload files with.
- Parameters:
$name (
string
) – Field name$value (
string
) – Field value
- Returns:
An HTML hidden input element
- Return type:
string
Lets you generate hidden input fields. You can either submit a name/value string to create one field:
<?php form_hidden('username', 'johndoe'); // Would produce: <input type="hidden" name="username" value="johndoe">
… or you can submit an associative array to create multiple fields:
<?php $data = [ 'name' => 'John Doe', 'email' => 'john@example.com', 'url' => 'http://example.com', ]; echo form_hidden($data); /* * Would produce: * <input type="hidden" name="name" value="John Doe"> * <input type="hidden" name="email" value="john@example.com"> * <input type="hidden" name="url" value="http://example.com"> */
You can also pass an associative array to the value field:
<?php $data = [ 'name' => 'John Doe', 'email' => 'john@example.com', 'url' => 'http://example.com', ]; echo form_hidden('my_array', $data); /* * Would produce: * <input type="hidden" name="my_array[name]" value="John Doe"> * <input type="hidden" name="my_array[email]" value="john@example.com"> * <input type="hidden" name="my_array[url]" value="http://example.com"> */
If you want to create hidden input fields with extra attributes:
<?php $data = [ 'type' => 'hidden', 'name' => 'email', 'id' => 'hiddenemail', 'value' => 'john@example.com', 'class' => 'hiddenemail', ]; echo form_input($data); /* * Would produce: * <input type="hidden" name="email" value="john@example.com" id="hiddenemail" class="hiddenemail"> */
- form_input([$data = ''[, $value = ''[, $extra = ''[, $type = 'text']]]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string$type (
string
) – The type of input field. i.e., ‘text’, ‘email’, ‘number’, etc.
- Returns:
An HTML text input element
- Return type:
string
Lets you generate a standard text input field. You can minimally pass the field name and value in the first and second parameter:
<?php echo form_input('username', 'johndoe'); /* * Would produce: * <input type="text" name="username" value="johndoe"> */
Or you can pass an associative array containing any data you wish your form to contain:
<?php $data = [ 'name' => 'username', 'id' => 'username', 'value' => 'johndoe', 'maxlength' => '100', 'size' => '50', 'style' => 'width:50%', ]; echo form_input($data); /* * Would produce: * <input type="text" name="username" value="johndoe" id="username" maxlength="100" size="50" style="width:50%"> */
If you want boolean attributes, pass the boolean value (
true
/false
). In this case the boolean value does not matter:<?php $data = [ 'name' => 'username', 'id' => 'username', 'value' => '', 'required' => true, ]; echo form_input($data); /* * Would produce: * <input type="text" name="username" value="" id="username" required> */
If you would like your form to contain some additional data, like JavaScript, you can pass it as a string in the third parameter:
<?php $js = 'onClick="some_function ()"'; echo form_input('username', 'johndoe', $js); /* * Would produce: * <input type="text" name="username" value="johndoe" onClick="some_function ()"> */
Or you can pass it as an array:
<?php $js = ['onClick' => 'some_function ();']; echo form_input('username', 'johndoe', $js); /* * Would produce: * <input type="text" name="username" value="johndoe" onClick="some_function ();"> */
To support the expanded range of HTML5 input fields, you can pass an input type in as the fourth parameter:
<?php echo form_input('email', 'joe@example.com', ['placeholder' => 'Email Address...'], 'email'); /* * Would produce: * <input type="email" name="email" value="joe@example.com" placeholder="Email Address..."> */
- form_password([$data = ''[, $value = ''[, $extra = '']]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML password input element
- Return type:
string
This function is identical in all respects to the
form_input()
function above except that it uses the “password” input type.
- form_upload([$data = ''[, $value = ''[, $extra = '']]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML file upload input element
- Return type:
string
This function is identical in all respects to the
form_input()
function above except that it uses the “file” input type, allowing it to be used to upload files.
- form_textarea([$data = ''[, $value = ''[, $extra = '']]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML textarea element
- Return type:
string
This function is identical in all respects to the
form_input()
function above except that it generates a “textarea” type.Note
Instead of the maxlength and size attributes in the above example, you will instead specify rows and cols.
- form_dropdown([$name = ''[, $options = [][, $selected = [][, $extra = '']]]])
- Parameters:
$name (
string
) – Field name$options (
array
) – An associative array of options to be listed$selected (
array
) – List of fields to mark with the selected attribute$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML select (dropdown) element
- Return type:
string
Lets you create a standard drop-down field. The first parameter will contain the name of the field, the second parameter will contain an associative array of options, and the third parameter will contain the value you wish to be selected. You can also pass an array of multiple items through the third parameter, and the helper will create a multiple select for you.
Example:
<?php $options = [ 'small' => 'Small Shirt', 'med' => 'Medium Shirt', 'large' => 'Large Shirt', 'xlarge' => 'Extra Large Shirt', ]; $shirts_on_sale = ['small', 'large']; echo form_dropdown('shirts', $options, 'large'); /* * Would produce: * <select name="shirts"> * <option value="small">Small Shirt</option> * <option value="med">Medium Shirt</option> * <option value="large" selected="selected">Large Shirt</option> * <option value="xlarge">Extra Large Shirt</option> * </select> */ echo form_dropdown('shirts', $options, $shirts_on_sale); /* * Would produce: * <select name="shirts" multiple="multiple"> * <option value="small" selected="selected">Small Shirt</option> * <option value="med">Medium Shirt</option> * <option value="large" selected="selected">Large Shirt</option> * <option value="xlarge">Extra Large Shirt</option> * </select> */
If you would like the opening <select> to contain additional data, like an id attribute or JavaScript, you can pass it as a string in the fourth parameter:
<?php $js = 'id="shirts" onChange="some_function();"'; echo form_dropdown('shirts', $options, 'large', $js);
Or you can pass it as an array:
<?php $js = [ 'id' => 'shirts', 'onChange' => 'some_function();', ]; echo form_dropdown('shirts', $options, 'large', $js);
If the array passed as
$options
is a multidimensional array, thenform_dropdown()
will produce an <optgroup> with the array key as the label.
- form_multiselect([$name = ''[, $options = [][, $selected = [][, $extra = '']]]])
- Parameters:
$name (
string
) – Field name$options (
array
) – An associative array of options to be listed$selected (
array
) – List of fields to mark with the selected attribute$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML select element with multiple attribute
- Return type:
string
Lets you create a standard multiselect field. The first parameter will contain the name of the field, the second parameter will contain an associative array of options, and the third parameter will contain the value or values you wish to be selected.
The parameter usage is identical to using
form_dropdown()
above, except of course that the name of the field will need to use POST array syntax, e.g., foo[].
- form_fieldset([$legend_text = ''[, $attributes = []]])
- Parameters:
$legend_text (
string
) – Text to put in the <legend> tag$attributes (
array
) – Attributes to be set on the <fieldset> tag
- Returns:
An HTML fieldset opening tag
- Return type:
string
Lets you generate fieldset/legend fields.
Example:
<?php echo form_fieldset('Address Information'); echo "<p>fieldset content here</p>\n"; echo form_fieldset_close(); ?> <!-- Produces: --> <fieldset> <legend>Address Information</legend> <p>form content here</p> </fieldset>
Similar to other functions, you can submit an associative array in the second parameter if you prefer to set additional attributes:
<?php $attributes = [ 'id' => 'address_info', 'class' => 'address_info', ]; echo form_fieldset('Address Information', $attributes); echo "<p>fieldset content here</p>\n"; echo form_fieldset_close(); ?> <!-- Produces: --> <fieldset id="address_info" class="address_info"> <legend>Address Information</legend> <p>form content here</p> </fieldset>
- form_fieldset_close([$extra = ''])
- Parameters:
$extra (
string
) – Anything to append after the closing tag, as is
- Returns:
An HTML fieldset closing tag
- Return type:
string
Produces a closing
</fieldset>
tag. The only advantage to using this function is it permits you to pass data to it which will be added below the tag. For example<?php $string = '</div></div>'; echo form_fieldset_close($string); // Would produce: </fieldset></div></div>
- form_checkbox([$data = ''[, $value = ''[, $checked = false[, $extra = '']]]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$checked (
bool
) – Whether to mark the checkbox as being checked$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML checkbox input element
- Return type:
string
Lets you generate a checkbox field. Simple example:
<?php echo form_checkbox('newsletter', 'accept', true); // Would produce: <input type="checkbox" name="newsletter" value="accept" checked="checked">
The third parameter contains a boolean true/false to determine whether the box should be checked or not.
Similar to the other form functions in this helper, you can also pass an array of attributes to the function:
<?php $data = [ 'name' => 'newsletter', 'id' => 'newsletter', 'value' => 'accept', 'checked' => true, 'style' => 'margin:10px', ]; echo form_checkbox($data); // Would produce: <input type="checkbox" name="newsletter" id="newsletter" value="accept" checked="checked" style="margin:10px">
Also as with other functions, if you would like the tag to contain additional data like JavaScript, you can pass it as a string in the fourth parameter:
<?php $js = 'onClick="some_function()"'; echo form_checkbox('newsletter', 'accept', true, $js);
Or you can pass it as an array:
<?php $js = ['onClick' => 'some_function();']; echo form_checkbox('newsletter', 'accept', true, $js);
- form_radio([$data = ''[, $value = ''[, $checked = false[, $extra = '']]]])
- Parameters:
$data (
array
) – Field attributes data$value (
string
) – Field value$checked (
bool
) – Whether to mark the radio button as being checked$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML radio input element
- Return type:
string
This function is identical in all respects to the
form_checkbox()
function above except that it uses the “radio” input type.
- form_label([$label_text = ''[, $id = ''[, $attributes = []]]])
- Parameters:
$label_text (
string
) – Text to put in the <label> tag$id (
string
) – ID of the form element that we’re making a label for$attributes (
string
) – HTML attributes
- Returns:
An HTML label element
- Return type:
string
Lets you generate a <label>. Simple example:
<?php echo form_label('What is your Name', 'username'); // Would produce: <label for="username">What is your Name</label>
Similar to other functions, you can submit an associative array in the third parameter if you prefer to set additional attributes.
Example:
<?php $attributes = [ 'class' => 'mycustomclass', 'style' => 'color: #000;', ]; echo form_label('What is your Name', 'username', $attributes); // Would produce: <label for="username" class="mycustomclass" style="color: #000;">What is your Name</label>
- form_submit([$data = ''[, $value = ''[, $extra = '']]])
- Parameters:
$data (
string
) – Button name$value (
string
) – Button value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML input submit element
- Return type:
string
Lets you generate a standard submit button. Simple example:
<?php echo form_submit('mysubmit', 'Submit Post!'); // Would produce: <input type="submit" name="mysubmit" value="Submit Post!">
Similar to other functions, you can submit an associative array in the first parameter if you prefer to set your own attributes. The third parameter lets you add extra data to your form, like JavaScript.
- form_reset([$data = ''[, $value = ''[, $extra = '']]])
- Parameters:
$data (
string
) – Button name$value (
string
) – Button value$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML input reset element
- Return type:
string
Lets you generate a standard reset button. Use is identical to
form_submit()
.
- form_button([$data = ''[, $content = ''[, $extra = '']]])
- Parameters:
$data (
string
) – Button name$content (
string
) – Button label$extra (
mixed
) – Extra attributes to be added to the tag either as an array or a literal string
- Returns:
An HTML button element
- Return type:
string
Lets you generate a standard button element. You can minimally pass the button name and content in the first and second parameter:
<?php echo form_button('name', 'content'); // Would produce: <button name="name" type="button">Content</button>
Or you can pass an associative array containing any data you wish your form to contain:
<?php $data = [ 'name' => 'button', 'id' => 'button', 'value' => 'true', 'type' => 'reset', 'content' => 'Reset', ]; echo form_button($data); // Would produce: <button name="button" id="button" value="true" type="reset">Reset</button>
If you would like your form to contain some additional data, like JavaScript, you can pass it as a string in the third parameter:
<?php $js = 'onClick="some_function()"'; echo form_button('mybutton', 'Click Me', $js);
- form_close([$extra = ''])
- Parameters:
$extra (
string
) – Anything to append after the closing tag, as is
- Returns:
An HTML form closing tag
- Return type:
string
Produces a closing
</form>
tag. The only advantage to using this function is it permits you to pass data to it which will be added below the tag. For example:<?php $string = '</div></div>'; echo form_close($string); // Would produce: </form> </div></div>
- set_value($field[, $default = ''[, $html_escape = true]])
- Parameters:
$field (
string
) – Field name$default (
string
) – Default value$html_escape (
bool
) – Whether to turn off HTML escaping of the value
- Returns:
Field value
- Return type:
string
Permits you to set the value of an input or textarea element. You must supply the field name via the first parameter of the function. The second (optional) parameter allows you to set a default value for the field value. The third (optional) parameter allows you to turn off HTML escaping of the value, in case you need to use this function in combination with i.e.,
form_input()
and avoid double-escaping.Example:
<input type="text" name="quantity" value="<?= set_value('quantity', '0') ?>" size="50">
The above form will show “0” when loaded for the first time.
- set_select($field[, $value = ''[, $default = false]])
- Parameters:
$field (
string
) – Field name$value (
string
) – Value to check for$default (
string
) – Whether the value is also a default one
- Returns:
‘selected’ attribute or an empty string
- Return type:
string
If you use a <select> menu, this function permits you to display the menu item that was selected.
The first parameter must contain the name of the select menu, the second parameter must contain the value of each item, and the third (optional) parameter lets you set an item as the default (use boolean true/false).
Example:
<select name="myselect"> <option value="one" <?= set_select('myselect', 'one', true) ?>>One</option> <option value="two" <?= set_select('myselect', 'two') ?>>Two</option> <option value="three" <?= set_select('myselect', 'three') ?>>Three</option> </select>
- set_checkbox($field[, $value = ''[, $default = false]])
- Parameters:
$field (
string
) – Field name$value (
string
) – Value to check for$default (
string
) – Whether the value is also a default one
- Returns:
‘checked’ attribute or an empty string
- Return type:
string
Permits you to display a checkbox in the state it was submitted.
The first parameter must contain the name of the checkbox, the second parameter must contain its value, and the third (optional) parameter lets you set an item as the default (use boolean true/false).
Example:
<input type="checkbox" name="mycheck[]" value="1" <?= set_checkbox('mycheck', '1') ?>> <input type="checkbox" name="mycheck[]" value="2" <?= set_checkbox('mycheck', '2') ?>>
- set_radio($field[, $value = ''[, $default = false]])
- Parameters:
$field (
string
) – Field name$value (
string
) – Value to check for$default (
string
) – Whether the value is also a default one
- Returns:
‘checked’ attribute or an empty string
- Return type:
string
Permits you to display radio buttons in the state they were submitted. This function is identical to the
set_checkbox()
function above.Example:
<input type="radio" name="myradio" value="1" <?= set_radio('myradio', '1', true) ?>> <input type="radio" name="myradio" value="2" <?= set_radio('myradio', '2') ?>>
- validation_errors()
Added in version 4.3.0.
- Returns:
The validation errors
- Return type:
array
Returns the validation errors. First, this function checks the validation errors that are stored in the session. To store the errors in the session, you need to use
withInput()
withredirect()
.The returned array is the same as
Validation::getErrors()
. See Validation for details.Note
This function does not work with In-Model Validation. If you want to get the validation errors in model validation, see Getting Validation Errors.
Example:
<?php $errors = validation_errors(); ?>
- validation_list_errors($template = 'list')
Added in version 4.3.0.
- Parameters:
$template (
string
) – Validation template name
- Returns:
Rendered HTML of the validation errors
- Return type:
string
Returns the rendered HTML of the validation errors.
The parameter
$template
is a Validation template name. See Customizing Error Display for details.This function uses
validation_errors()
internally.Note
This function does not work with In-Model Validation. If you want to get the validation errors in model validation, see Getting Validation Errors.
Example:
<?= validation_list_errors() ?>
- validation_show_error($field, $template = 'single')
Added in version 4.3.0.
- Parameters:
$field (
string
) – Field name$template (
string
) – Validation template name
- Returns:
Rendered HTML of the validation error
- Return type:
string
Returns a single error for the specified field in formatted HTML.
The parameter
$template
is a Validation template name. See Customizing Error Display for details.This function uses
validation_errors()
internally.Note
This function does not work with In-Model Validation. If you want to get the validation errors in model validation, see Getting Validation Errors.
Example:
<?= validation_show_error('username') ?>