Class Summary HTML_QuickForm_select

Class Summary HTML_QuickForm_select – Class to dynamically create an HTML SELECT


The highlight of this class is that it allows populating the options from associative array or from the database.

Class Trees for HTML_QuickForm_select

Classes that extend HTML_QuickForm_select
Class Summary
HTML_QuickForm_hiddenselect Creates hidden elements with select's values

HTML_QuickForm_select Inherited Methods

Inherited from HTML_QuickForm_element
Method Name Summary
Constructor HTML_QuickForm_element::HTML_QuickForm_element() Class constructor
HTML_QuickForm_element::accept() Accepts a renderer
HTML_QuickForm_element::apiVersion() Returns the current API version
HTML_QuickForm_element::exportValue() Returns a 'safe' element's value
HTML_QuickForm_element::freeze() Freeze the element so that only its value is returned
HTML_QuickForm_element::getFrozenHtml() Returns the value of field without HTML tags
HTML_QuickForm_element::getLabel() Returns display text for the element
HTML_QuickForm_element::getName() Returns the element name
HTML_QuickForm_element::getType() Returns element type
HTML_QuickForm_element::getValue() Returns the value of the form element
HTML_QuickForm_element::isFrozen() Returns whether or not the element is frozen
HTML_QuickForm_element::onQuickFormEvent() Called by HTML_QuickForm whenever form event is made on this element
HTML_QuickForm_element::setLabel() Sets display text for the element
HTML_QuickForm_element::setName() Sets the input field name
HTML_QuickForm_element::setPersistantFreeze() Sets wether an element value should be kept in an hidden field when the element is frozen or not
HTML_QuickForm_element::setValue() Sets the value of the form element
HTML_QuickForm_element::unfreeze() Unfreezes the form element
Class constructor (Previous) Class constructor (Next)
Last updated: Sat, 16 Feb 2019 — Download Documentation
Do you think that something on this page is wrong? Please file a bug report.
View this page in:
  • English

User Notes:

Note by:
Be advised that the HTML_QuickForm_select control does not call htmlspecialchars() when displaying the option tags in the select list. This makes it susceptible to html injection when the option names in the select may have come from user input.

The maintainers are aware of this and have chosen not to address this issue because to fix it would break some existing classes that actually depend on the current behavior.

When using this control with dynamically generated options, you should take care to sanitize any options strings with htmlspecialchars() before passing them into the control. Note also that this makes the loadQuery() and loadDbResult() methods unsafe to use.
Note by:
Yeah, what's wrong with this page is it provides no explanation how to use the class at all.