The Form API

Abstract

Drupal 4.7 and later feature an application programming interface (API) for generating, validating, and processing HTML forms. The form API abstracts forms into a nested array of properties and values. The array is then rendered by the form-rendering engine at the appropriate time while a page is being generated. There are several implications of this approach:
  • • Rather than output HTML, we create an array and let the engine generate the HTML.

  • • Since we are dealing with a representation of the form as structured data, we can add, delete, reorder, and change forms. This is especially handy when you want to modify a form created by a different module in a clean and unobtrusive way.

  • • Any form element can be mapped to any theme function.

  • • Additional form validation or processing can be added to any form.

  • • Operations with forms are protected against form injection attacks, where a user modifies a form and then tries to submit it.

  • • The learning curve for using forms is a little steeper!

Keywords

Shoe Ooze 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© John K. VanDyk and Matt Westgate 2007

Personalised recommendations