Hi all, I messed up with this problem:
In my controller action, I alreadly populated a special model attribute (for example project_id attribute as shown below) with one value:
public function actionCreate()
$model->project_id = $this->_project->id;
Then why in _form for the above create action we have to use hiddenField for this attribute:
<?php echo $form->hiddenField($model,'project_id'); ?>
Why not remove them compeletely?
Could you give me some advice? Thank you.
I am not sure whether you are referring to a specific project but usually hidden fields are used to transfer data invisibly between pages so my guess here would be the same.
It depend on how you get "$this->_project->id" if it is not pupulated
by form value soe hidden field can be deleted i think.
Thank you both for your answer.
However, my question is mainly focus on: could I just remove field after I have populated into the model, or will I have to stick with hidden field, is this a "security issue" that if I completely remove it the logic will be break somewhere (in fact, when I remove it I see no error).
But till I am not supper at Yii, I really need your help for my vague thought.
As bettor and riemann suggests, it depends on the meaning of "$this->_project->id".
What is it and how do you get it?
Note that your "actionCreate" is called at least twice: 1) before rendering the input form, and 2) after receiving the form submission. And in each call you will get "$this->_project->id".
Is it assured to be the same value?
If it is, then you can safely remove the hidden field.
If not, you have to pass the value of it from the 1st call to the 2nd call with a hidden field (or by a session data).