Yii 2 Create Method on Controller

Greetings to everyone from around the world who follows this blog. Programming knowledge does not recognize borders, which really points to how superficial borders are. I know I’ve said that before, but everytime I get a supportive email from someone on the other side of the planet, it really hits home.

I also appreciate all the positive comments, reviews, and word-of-mouth referrals on my book, Yii 2 For Beginners. Readers of the book have been very helpful in elevating the quality of the book by pointing out typos and bugs. I’m happy to say as of the last update, the code in the book is 100% working. Updates are free for the life of the book and I plan on adding material to the book several times a year.

So for those who are unfamiliar with Yii 2 or have never worked with a PHP framework before, I want to demonstrate just how powerful a single method on the Yii 2 Framework can be. This insight came to me as I was working on an idea for a 2nd book, a book on beginning PHP, for people who have never programmed before.

Anyway, I wanted to simulate a framework to teach PHP fundamentals. I didn’t build an actual framework for the following reasons:

1. That’s too intense for beginning PHP.

2. It would take me a 100 years to write the book.

3. It would be a 100 years of wasted time.

The reason why I say it would be wasted time is because of how great the Yii 2 framework is. It makes the idea of building a framework from scratch a bit silly, unless you have very good reason to do so. Why reinvent the wheel, especially when we have such an amazing wheel to work with in the first place?

Anyway, this was made abundantly clear to me as I was staring at the code I made for my simulated controller code. I used a switch statement to simulate individual actions, and this is what the create action looks like. I’ll explain each section, but to start, here it is in one ugly, proceedural block:


case('/mysong/src/controllers/songcontroller.php/create' == $uri):
                      
            if (isset($_POST)){
                
                $post = Security::sanitizeInput($_POST['form_token']);
                $session = Security::sanitizeInput($_SESSION['form_token']);
            }
            
            if (isset($_POST) && Security::matchTokens($post, $session)){
                       
            $song_name = Security::sanitizeInput($_POST['song_name']);
            $visibility = Security::sanitizeInput($_POST['visibility']);
            $video_source = Security::sanitizeInput($_POST['video_source']);
            $video_is_featured = Security::sanitizeInput(isset($_POST['video_is_featured']));
            $video_is_active_item = Security::sanitizeInput(isset($_POST['video_is_active_item']));

            if ($video_is_active_item == true){
                
                $video_is_active_item = 1;
                
            } else {
                
                $video_is_active_item = 0;
            }
            
            if ($video_is_featured == true){
                
                $video_is_featured = 1;
                
            } else {
                
                $video_is_featured = 0;
                
            }
            
            if (!Validators::validateDropDownOption($visibility)){
                
                $visibility = 'Private';
                
            }                      
          
       $cmd = new Query;
       
       $sql = 'INSERT INTO song (song_name, visibility, video_source, 
               video_is_featured, video_is_active_item) VALUES (:song_name, 
               :visibility, :video_source, :video_is_featured, 
               :video_is_active_item);';
       
       $cmd->query($sql); 
       
       $cmd->bind(':song_name', $song_name);
       $cmd->bind(':visibility', $visibility); 
       $cmd->bind(':video_source', $video_source);
       $cmd->bind(':video_is_featured', $video_is_featured);
       $cmd->bind(':video_is_active_item', $video_is_active_item); 

       $cmd->execute();
       
       $cmd->closeDb();
       
            $url = Url::toSong($song_name);
            return header('Location: ' . $url);
           
            break;
            
        } else {
        
             $url = Url::toSongCreate();
             return header('Location: ' . $url);   
             break;
        }

Anyway, we can step through this quickly. If we have post data, make sure the tokens match to prevent CSRF:


 if (isset($_POST)){
                
     $post = Security::sanitizeInput($_POST['form_token']);
     $session = Security::sanitizeInput($_SESSION['form_token']);
 }

 if (isset($_POST) && Security::matchTokens($post, $session)){

If we pass that test, then we set the variables from the form data:


 $song_name = Security::sanitizeInput($_POST['song_name']);
 $visibility = Security::sanitizeInput($_POST['visibility']);
 $video_source = Security::sanitizeInput($_POST['video_source']);
 $video_is_featured = Security::sanitizeInput(isset($_POST['video_is_featured']));
 $video_is_active_item = Security::sanitizeInput(isset($_POST['video_is_active_item']));

We’re using my homegrown Security class to scrub the input. Then we do a little formatting for the check boxes:


if ($video_is_active_item == true){
                
    $video_is_active_item = 1;
                
} else {
                
    $video_is_active_item = 0;
}
            
if ($video_is_featured == true){
                
    $video_is_featured = 1;
                
} else {
                
    $video_is_featured = 0;
                
}
            
if (!Validators::validateDropDownOption($visibility)){
                
    $visibility = 'Private';
                
}
           

I probably would have used ternary syntax if not for the word wrap issues in creating a book.

Anyway, then I use my custom-built Query class to insert the new record:


 $cmd = new Query;
       
       $sql = 'INSERT INTO song (song_name, visibility, video_source, 
               video_is_featured, video_is_active_item) VALUES (:song_name, 
               :visibility, :video_source, :video_is_featured, 
               :video_is_active_item);';
       
       $cmd->query($sql); 
       
       $cmd->bind(':song_name', $song_name);
       $cmd->bind(':visibility', $visibility); 
       $cmd->bind(':video_source', $video_source);
       $cmd->bind(':video_is_featured', $video_is_featured);
       $cmd->bind(':video_is_active_item', $video_is_active_item); 

       $cmd->execute();
       
       $cmd->closeDb();

My bind method autmatically detects string, int, etc. I had a lot of fun creating that. Then we save via execute and close the DB connection. Then we go to the newly created record or show the form if no post data was sent:


$url = Url::toSong($song_name);
return header('Location: ' . $url);
           
break;
            
} else {
        
$url = Url::toSongCreate();
return header('Location: ' . $url);   
break;
}

This is very simple and clear code, easy for a beginner to digest, but it sure did get procedural in a hurry. So I thought about extracting out the methods to further simulate what a framework like Yii 2 would do, but then I thought, hey, why don’t I just show the reader what the framework actually does instead? How would Yii 2 handle this method?

In Yii 2, we would get a single method on the controller. So I grabbed a controller method for the FAQ model we make in the Yii 2 book:


public function actionCreate()
{
    $model = new Faq();

    if ($model->load(Yii::$app->request->post()) && $model->save()) {
        return $this->redirect(['view', 'id' => $model->id]);
    } else {
        return $this->render('create', [
            'model' => $model,
        ]);
    }
}

9 lines, not counting the white space. Now that’s power. It’s starts by creating a new Faq model, which gives us access to all the model attributes and methods. Then comes:


if ($model->load(Yii::$app->request->post()) && $model->save()) {

So what this is doing is loading the $_POST array, which gets all the fields from the form, validating it, and saving it. All that in one line of code. Wow!

If it successfully saves, it returns the view page of the newly created record:


return $this->redirect(['view', 'id' => $model->id]);

In the above, view is the name of the page we want. Yii 2 knows which model the view belongs to and $model->id is the specific instance. No other routing necessary.

If we can’t successfully save, we get the form:


} else {
     return $this->render('create', [
        'model' => $model,
    ]);
}

And that is essentially one line as well. You could style it like so:


return $this->render('create', ['model' => $model,]);

And that’s pretty much it. 9 lines and all the security, validation and formatting is already handled. It’s so simple!

Hopefully I’ve demonstrated at least one reason why I’m such a Yii 2 enthusiast. I will continue to do my best to make the framework as easy to understand for beginners as possible.

Thanks again to everyone who wrote in with encouragement and corrections, especially to those who took the time to do a review on GoodReads.com. As always, any comments, reviews, word-of-mouth referrals, are greatly appreciated.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s