Don’t forget your XID!

Having just spent over an hour trying to work out why my Module Control Panel forms weren’t submitting correctly, I thought I’d document the fix here (for my purposes and yours).

The error I was seeing was that when submitting my control panel form, rather than posting to my module function, the form was redirecting back to the ExpressionEngine control panel homepage. The reason for this? I had forgotten to include the XID secure form hidden post variable.

Wrong

<form method="post" action="<?=$base_url?>&amp;method=save">
...blah
<input type="submit" name="Save"/>
</form>

Right

<form method="post" action="<?=$base_url?>&amp;method=save">
<input type="hidden" name="XID" value="<?=XID_SECURE_HASH?>" />
blah
<input type="submit" name="Save"/>
</form>
19
Dec 2011
POSTED BY
POSTED IN ExpressionEngine
DISCUSSION 2 Comments
TAGS

  • http://twitter.com/monooso Stephen Lewis

    Hi James,

    EE / CI’s form helper is your friend. Just use the `form_open` method, and EE will take care of all that pesky XID stuff for you.

    The helper isn’t mentioned in the EE docs, but does have a page in the CI user guide: http://codeigniter.com/user_guide/helpers/form_helper.html.

    Cheers,
    Stephen

    • http://www.spibey.com/ James Spibey

      Yes, good point, thanks for the reminder