View Renderer
Using the View Renderer
The view() function is a convenience function that grabs an instance of the renderer service, sets the data, and renders the view. While this is often exactly what you want, you may find times where you want to work with it more directly. In that case you can access the View service directly:
$view = \Config\Services::renderer();
Alternately, if you are not using the View class as your default renderer, you can instantiate it directly:
$view = new \CodeIgniter\View\View();
Important
You should create services only within controllers. If you need access to the View class from a library, you should set that as a dependency in your library’s constructor.
Then you can use any of the three standard methods that it provides: render(), setVar() and setData().
What It Does
The View class processes conventional HTML/PHP scripts stored in the application’s view path, after extracting view parameters into PHP variables, accessible inside the scripts. This means that your view parameter names need to be legal PHP variable names.
The View class uses an associative array internally to accumulate view parameters until you call its render() method. This means that your parameter (or variable) names need to be unique, or a later variable setting will override an earlier one.
This also impacts escaping parameter values for different contexts inside your script. You will have to give each escaped value a unique parameter name.
No special meaning is attached to parameters whose value is an array. It is up to you to process the array appropriately in your PHP code.
Setting View Parameters
The setVar() method sets a view parameter.
$view->setVar('name', 'Joe', 'html');
The setData() method sets multiple view parameters at once.
$view->setData(['name' => 'George', 'position' => 'Boss']);
Method Chaining
The setVar() and setData() methods are chainable, allowing you to combine a number of different calls together in a chain:
$view->setVar('one', $one)
     ->setVar('two', $two)
     ->render('myView');
Escaping Data
When you pass data to the setVar() and setData() functions you have the option to escape the data to protect against cross-site scripting attacks. As the last parameter in either method, you can pass the desired context to escape the data for. See below for context descriptions.
If you don’t want the data to be escaped, you can pass null or 'raw' as the final parameter to each function:
$view->setVar('one', $one, 'raw');
If you choose not to escape data, or you are passing in an object instance, you can manually escape the data within the view with the esc() function. The first parameter is the string to escape. The second parameter is the context to escape the data for (see below):
<?= esc($object->getStat()) ?>
Escaping Contexts
By default, the esc() and, in turn, the setVar() and setData() functions assume that the data you want to escape is intended to be used within standard HTML. However, if the data is intended for use in JavaScript, CSS, or in an href attribute, you would need different escaping rules to be effective. You can pass in the name of the context as the second parameter. Valid contexts are 'html', 'js', 'css', 'url', and 'attr':
<a href="<?= esc($url, 'url') ?>" data-foo="<?= esc($bar, 'attr') ?>">Some Link</a>
<script>
    var siteName = '<?= esc($siteName, 'js') ?>';
</script>
<style>
    body {
        background-color: <?= esc($bgColor, 'css') ?>
    }
</style>
View Renderer Options
Several options can be passed to the render() or renderString() methods:
- cache - the time in seconds, to save a view’s results; ignored for renderString()
- cache_name - the ID used to save/retrieve a cached view result; defaults to the viewpath; ignored for renderString()
- saveData - true if the view data parameters should be retained for subsequent calls
Note
saveData() as defined by the interface must be a boolean, but implementing classes (like View below) may extend this to include null values.
Class Reference
- class CodeIgniter\View\View
- render($view[, $options[, $saveData = false]])
- Parameters
$view (string) – File name of the view source
$options (array) – Array of options, as key/value pairs
$saveData (boolean|null) – If true, will save data for use with any other calls. If false, will clean the data after rendering the view. If null, uses the config setting.
- Returns
The rendered text for the chosen view
- Return type
string
Builds the output based upon a file name and any data that has already been set:
echo $view->render('myview');
- renderString($view[, $options[, $saveData = false]])
- Parameters
$view (string) – Contents of the view to render, for instance content retrieved from a database
$options (array) – Array of options, as key/value pairs
$saveData (boolean|null) – If true, will save data for use with any other calls. If false, will clean the data after rendering the view. If null, uses the config setting.
- Returns
The rendered text for the chosen view
- Return type
string
Builds the output based upon a view fragment and any data that has already been set:
echo $view->renderString('<div>My Sharona</div>');
Warning
This could be used for displaying content that might have been stored in a database, but you need to be aware that this is a potential security vulnerability, and that you must validate any such data, and probably escape it appropriately!
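The pattern the warning above points to, combined with the one-name-per-context rule from "What It Does", as an added example (not code from the CodeIgniter project): the template stays a constant in code and stored content reaches it only as escaped view parameters. It assumes a CodeIgniter 4 application; the Announcement controller, the sample row and the /search link are hypothetical.

```php
<?php

namespace App\Controllers;

use CodeIgniter\Controller;

// Hypothetical controller; class, method and variable names are assumptions.
class Announcement extends Controller
{
    // The template is fixed in code, never text loaded from storage.
    private const TEMPLATE = <<<'HTML'
        <h2 title="<?= $titleAttr ?>"><?= $titleHtml ?></h2>
        <p><?= $bodyHtml ?></p>
        <a href="/search?q=<?= $titleUrl ?>">Related</a>
        <script>var announcementTitle = '<?= $titleJs ?>';</script>
        HTML;

    public function show(): string
    {
        // Constructed sample row standing in for content read from a database.
        $row = [
            'title' => 'Maintenance "tonight" <b>22:00</b>',
            'body'  => 'Back by 23:00 & <img src=x> is shown as text',
        ];

        // Avoid: $view->renderString($row['body']) would hand stored text to
        // the renderer as the view itself instead of as data.
        $view = \Config\Services::renderer();

        // One raw value, one parameter name per output context. Reusing a
        // single name would let the later setVar() replace the earlier one.
        $view->setVar('titleHtml', $row['title'], 'html')
             ->setVar('titleAttr', $row['title'], 'attr')
             ->setVar('titleUrl', $row['title'], 'url')
             ->setVar('titleJs', $row['title'], 'js')
             ->setVar('bodyHtml', $row['body'], 'html');

        // Only the fixed template is processed as a view; the stored text
        // arrives as already-escaped variables.
        return $view->renderString(self::TEMPLATE);
    }
}
```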
- setData([$data[, $context = null]])
- Parameters
$data (array) – Array of view data strings, as key/value pairs
$context (string) – The context to use for data escaping.
- Returns
The Renderer, for method chaining
- Return type
CodeIgniter\View\RendererInterface.
Sets several pieces of view data at once:
$view->setData(['name' => 'George', 'position' => 'Boss']);
Supported escape contexts: html, css, js, url, attr or raw. If 'raw', no escaping will happen.
Each call adds to the array of data that the object is accumulating, until the view is rendered.
- setVar($name[, $value = null[, $context = null]])
- Parameters
$name (string) – Name of the view data variable
$value (mixed) – The value of this view data
$context (string) – The context to use for data escaping.
- Returns
The Renderer, for method chaining
- Return type
CodeIgniter\View\RendererInterface.
Sets a single piece of view data:
$view->setVar('name', 'Joe', 'html');
Supported escape contexts: html, css, js, url, attr or raw. If 'raw', no escaping will happen.
If you use a view data variable that you have previously used for this object, the new value will replace the existing one.