
Rob Allen, Nick Lo, and Steven Brown

"Zend Framework in Action"

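Listing 3.10: The home page action view: index.phtml

<?php echo $this->escape($this->title); // #1 ?>
<?php if (count($this->places)) : ?>
<?php foreach ($this->places as $place) : ?>
<?php echo $this->escape($place->name); // #2 ?>
<?php echo $this->displayDate($place->dateUpdated); // #3 ?>
<?php endforeach; ?>
<?php endif; ?>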


#1 Reuse that title again!
#2 escape() helper to help guard against XSS attacks.
#3 DisplayDate() convenience helper.
Note that we are very careful to escape any string data that we know should not include HTML. This is to
ensure that we don't accidentally introduce an XSS vulnerability later down the line when a variable that is
currently "known to be safe" ceases to be as the site's functionality changes; it is always better to code
defensively at the start when you can.
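
The following is an added example, not code from the book: it renders the same place list through a template that trusts its data and through one that escapes it, to show what changes when a name stops being "known to be safe". StandInView, renderTrusting(), renderDefensive() and the sample names are hypothetical, and the stand-in escape() assumes the view's default of htmlspecialchars() with ENT_COMPAT.

```php
<?php
// Added example: a minimal stand-in for the view object, not Zend_View itself.
// Assumption: escape() wraps htmlspecialchars() with ENT_COMPAT.
class StandInView
{
    public $places = array();

    public function escape($value)
    {
        return htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
    }

    // Template that trusts the data because it is "known to be safe" today.
    public function renderTrusting()
    {
        $out = '';
        foreach ($this->places as $place) {
            $out .= '<li>' . $place->name . "</li>\n";
        }
        return $out;
    }

    // Template that escapes every string, as Listing 3.10 does.
    public function renderDefensive()
    {
        $out = '';
        foreach ($this->places as $place) {
            $out .= '<li>' . $this->escape($place->name) . "</li>\n";
        }
        return $out;
    }
}

// Constructed sample data: the first name is what an administrator entered;
// the second stands for a later feature that lets visitors submit names.
$view = new StandInView();
$view->places = array(
    (object) array('name' => 'London Zoo'),
    (object) array('name' => 'Tom & Jerry\'s <b>Play</b> "Barn"'),
);

// The trusting template passes the <b> markup through to the browser;
// the defensive one emits it as inert text (&lt;b&gt; and so on).
echo "Trusting template:\n", $view->renderTrusting(), "\n";
echo "Defensive template:\n", $view->renderDefensive();
```

With ENT_COMPAT the single quote in the second name passes through unchanged, so escaped values placed inside an HTML attribute should sit between double quotes.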
The DisplayDate View Helper
The power of the view is shown when using view helpers to encapsulate view logic away from the main
template files. This allows us to reuse common constructs and also helps to keep the main templates free from
"cruft". When displaying the list of places that have been recently updated, we also display the date on
which the last update occurred.

