Reputation: 2979
I understand that passing record ids through the URL isn't usually a good idea, but I am wondering how I can avoid it in my case:
My objective is to list job statuses on a user dashboard and allow users to adjust the status.
I create my view and pass variables to it using the session:
userController.php
public function getdashboard()
{
    // reading the user information
    $arrPageData['user'] = Sentry::getUser();
    // reading the job interviews
    $arrPageData['jobInterviews'] = JobInterview::readCurrentInterviews($this->userID);
    return View::make('clients.dashboard', $arrPageData);
}
This part works great and I don't use the record id in the route. I iterate through the jobInterviews in the dashboard view. Depending upon the status listed in the DB table, I give the user options.
view file: dashboard.blade.php (snippet)
@foreach ($jobInterviews as $interviews)
    @if ($interviews->j == $job->id)
        <tbody>
            <tr>
                <td>
                    {{$interviews->contact_name}}
                    @if ($interviews->status == 'interview request accepted')
                        <a href="#" class="btn btn-danger btn-small" data-toggle="modal" data-target=".mymodal{{ $interviews->interview_id }}">Hire</a>
                    @elseif ($interviews->status == 'hired')
                        <button id="complete" class="btn btn-info btn-small">Mark Project Complete</button>
                    @endif
                </td>
                <td>{{$interviews->status}} </td>
            </tr>
        </tbody>
...
The problem that I am having is that to complete the job status change, I am calling the method and passing in the record id:
Still in dashboard.blade.php
<form action="../jobs/offer/{{$interviews->interview_id}}" method="post">
This is then routed through:
Route::post('/jobs/offer/{id}','JobController@jobOffer');
Everything works as I want it to, but I don't think I am doing it right from a security standpoint. Is there a better way to call the jobOffer method and change the status besides using the record id in the route when getting the data from an array I've iterated through?
Thanks in advance for the help.
Upvotes: 0
Views: 11592
Reputation: 146269
You may try this:
{{ Form::open(array('action' => array('JobController@jobOffer', $interviews->interview_id))) }}
<!-- Rest of the form fields -->
{{ Form::close() }}
This way you don't need to add the csrf/_method input manually, and by default its METHOD would be POST, so you can omit that.
Upvotes: 2
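An added example, not part of the question or the answer above: the record id in the route is only a risk if jobOffer acts on whatever id it is handed, so this sketch scopes the update to the logged-in user on the server. It assumes JobInterview is an Eloquent model, that a hypothetical client_id column holds the owning user's id, and that the offer moves the status from 'interview request accepted' to 'hired'.

```php
<?php
// JobController.php (Laravel 4 style, to match the code on this page).
// Assumptions: JobInterview is an Eloquent model; client_id is a hypothetical
// column naming the user who owns the interview; the target status is assumed.

class JobController extends BaseController
{
    public function __construct()
    {
        // Reject POSTs without a valid CSRF token. Form::open() emits the
        // hidden _token field that this stock filter checks.
        $this->beforeFilter('csrf', array('on' => 'post'));
    }

    public function jobOffer($id)
    {
        // Never trust the id alone: identify the caller from the session.
        if (!Sentry::check()) {
            App::abort(403);
        }
        $userId = Sentry::getUser()->getId();

        // One scoped UPDATE: the row must match the id from the route,
        // belong to this user, and be in the state the "Hire" button
        // is shown for. A tampered id matches zero rows.
        $updated = JobInterview::where('interview_id', '=', (int) $id)
            ->where('client_id', '=', $userId)
            ->where('status', '=', 'interview request accepted')
            ->update(array('status' => 'hired'));

        if ($updated === 0) {
            // Same response for "not yours" and "does not exist", so the
            // endpoint does not confirm which ids are valid.
            App::abort(404);
        }

        return Redirect::back();
    }
}
```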