Don’t forget your XID!

Having just spent over an hour trying to work out why my Module Control Panel forms weren’t submitting correctly, I thought I’d document the fix here (for my purposes and yours).

The error I was seeing was that when submitting my control panel form, rather than posting to my module function, the form was redirecting back to the ExpressionEngine control panel homepage. The reason for this? I had forgotten to include the XID secure form hidden post variable.

Wrong

<form method="post" action="<?=$base_url?>&amp;method=save">
...blah
<input type="submit" name="Save"/>
</form>

Right

<form method="post" action="<?=$base_url?>&amp;method=save">
<input type="hidden" name="XID" value="<?=XID_SECURE_HASH?>" />
blah
<input type="submit" name="Save"/>
</form>

Dec 2011

POSTED BY James

POSTED IN ExpressionEngine

DISCUSSION 3 Comments

TAGS

Stephen Lewis

Hi James,

EE / CI’s form helper is your friend. Just use the `form_open` method, and EE will take care of all that pesky XID stuff for you.

The helper isn’t mentioned in the EE docs, but does have a page in the CI user guide: http://codeigniter.com/user_guide/helpers/form_helper.html.

Cheers,
Stephen
- James Spibey
  
  Yes, good point, thanks for the reminder
Robert Wallis

Thanks James! This post was exactly what I needed. I wasn’t using form_open() because real men don’t need to call a function to write a simple tag when they already know HTML. Came here from google “ee control panel submit form”

In Development