Custom method for grabbing a row based on its ID

More times then none when working with a database, you need a general purpose method for grabbing fields from a row that matches an id. Cake has built in magic methods based on the table column that do just that, for example findById() or findBySlug(), but sometimes it grabs associated data that you do not want. Below is a basic method that you can place in your AppModel to grab a row based on its id, with optional parameters for restricting what fields to grab or what associations to contain.

/**
 * Grab a row and defined fields/containables
 *
 * @param int $id
 * @param array $fields
 * @param array $contain
 * @return array
 */
public function get($id, $fields = array(), $contain = false) {
	if (empty($fields)) {
		$fields = $this->alias .'.*';
	} else {
		foreach ($fields as $row => $field) {
			$fields[$row] = $this->alias .'.'. $field;
		}
	}
	return $this->find('first', array(
		'conditions' => array($this->alias .'.id' => $id),
		'fields' => $fields,
		'contain' => $contain
	));
}

With a little bit of editing, you can make it work for other fields other then id. You must also have containable listed in your behaviors for the 3rd argument to work. If you still aren't sure how to use this method, the following examples should help.

// Grab a basic row based on id
$user = $this->User->get($id);
// Grab a row and limit fields
$user = $this->User->get($id, array('id', 'username'));
// Grab a row, fields and associations
$user = $this->User->get($id, array('id', 'username'), array('Country', 'Profile'));

Stripping HTML automatically from your data

About a week ago I talked about automatically sanitizing your data before its saved. Now I want to talk about automatically stripping HTML from your data before its saved, which is good practice. Personally, I hate saving any type of HTML to a database, thats why I prefer a BB code type system for this website. To strip all tags from your data, add this method to your AppModel.

/**
 * Strip all html tags from an array
 *
 * @param array $data
 * @return array
 */
public function cleanHtml($data) {
	if (is_array($data)) {
		foreach ($data as $key => $var) {
			$data[$key] = $this->cleanHtml($var);
		}
	} else {
		$data = Sanitize::html($data, true);
	}
	return $data;
}

Pretty simple right? The next and final step is to add it to AppModel::beforeSave(). In the next example, I will use the code snippet from my previous related article. Once you have done this your are finished, now go give it a test drive.

function beforeSave() {
	if (!empty($this->data) && $this->cleanData === true) {
		$connection = (!empty($this->useDbConfig)) ? $this->useDbConfig : 'default';
		$this->data = Sanitize::clean($this->data, array('connection' => $connection, 'escape' => false));
		$this->data = $this->cleanHtml($this->data);
	}
	return true;
}

Automatically sanitizing data with beforeSave()

So if you are like me and hate having to sanitize or clean your data manually within each action, and was hoping there was an easier way, there is. Simple combine the magic of Model::beforeSave() and the powerful strength of Sanitize::clean().

function beforeSave() {
	if (!empty($this->data) && $this->cleanData === true) {
		$connection = (!empty($this->useDbConfig)) ? $this->useDbConfig : 'default';
		$this->data = Sanitize::clean($this->data, array('connection' => $connection, 'escape' => false));
	}
	return true;
}

The previous code will attempt to clean all data before it is saved. Secondly it will convert HTML, it will not strip tags completely. So if you do not want HTML in your database, you will need to add some extra functionality and set encode to false in the clean() options.

But that's not it, were not finished just yet. You may have noticed a $cleanData variable and are probably wondering what it does. This is a custom property that should be placed in your AppModel and IS NOT a CakePHP property. By placing it in the AppModel we will receive no error notices and all data will be cleaned, additionally you can disable cleaning in certain models by setting the property to false in the respective model.

public $cleanData = true;
Known Errors

So far this has worked smoothly, except for the following exception:

- Serialized arrays will be escaped incorrectly and will break when trying to unserialize(), simply set $cleanData to false to not escape the serialized arrays.

- When escape is set to true, all data will have slashes added on top of the slashes already added with the Model class, so its best to turn escaping off.

Pre-populating form values

When I first started using CakePHP, I couldn't find a way to pre-populate a form with data. Why would I need this you ask? Well it's simple, it would be used to edit something already existent. So what I need to do is grab the data from the database, and then populate the form. Took me a few hours to figure out how to do it, the guide really didn't explain how it should be done (or I just overlooked it). To have the data populate, all you need to do is to set $this->data to the database result. Heres a quick example action:

function edit($id) {
    $user = $this->User->findById($id);
    // If data is empty, populate it with user array
    if (empty($this->data)) {
    	$this->data = $user;
    }
    // Form is posted
    if ($this->RequestHandler->isPost()) {
   	 	// Do model validation and save
    }
    $this->pageTitle = 'Edit User';
}

Pre-populating will only be done if the post/data is empty; so once you post the form, the new data should fill the form. Now that we have given $this->data some value, we need to make sure the form is using the correct model ($this->data['User'] equals form User). In our case it would be the User model and its as easy as that.

// $this->data['User'] will populate here
echo $form->create('User');
echo $form->input('email');
echo $form->input('website');
echo $form->end();