OK - just an update. The problem is not with the form->create + ajax->submit but rather with the form->XXX_Control. When producing the security token at least form->textarea is not hashed correctly. To get around it I found I can produce a text area using:
echo $form->input('message',array('label' => 'Enter Your Message', 'empty' => false,'type' => 'textarea')); And the security problem was gone. Hope this helps to someone else who encounter this in the future... On Jun 6, 10:22 am, Ita <[EMAIL PROTECTED]> wrote: > Hello, > I have just encountered this problem. > I'm trying to post the form via ajax. > I just can't seem to get around the problem. > > I used form->create together with ajax->submit or plain HTML form tag > with ajax->submit or ajax->form all of them fail in the security > component. > > What combination should I use to submit the form in ajax? > > On May 24, 9:41 am, Mika <[EMAIL PROTECTED]> wrote: > > > Hey Larry, > > > It was more that I developed the site with 1.2 while it was still > > changing a lot so I decided to keep the forms "pure". I will have a > > look at converting them to helper calls and see how well it works with > > what I have already. > > > One comment though is that you really should make the message more > > pronounced (at least on debug mode) as the form would just stop > > working and give back a totally blank screen, I had to set up a whole > > XDebug session just to step through the application to see that the > > actual post back was being blackholed. The result I was getting was a > > blank page with the database trace, and even if I put statements like > > die('here') in my action, it would never hit it so I was getting > > pretty confused for a while ;) > > > Loving 1.2 though, and I can't wait for it to become stable. > > > Cheers, > > Mladen (Mika) > > > On May 23, 4:20 pm, "Larry E. Masters aka PhpNut" <[EMAIL PROTECTED]> > > wrote: > > > > Mika, > > > > If you are using hand-written forms you will need to follow the example > > > here:https://trac.cakephp.org/changeset/4978toremoveany fields that are > > > added by hand. > > > > Note when the security component is used you should still use the > > > $form->create(); and the $form->submit(); if not your forms will not have > > > the expected hidden fields and will be considered invalid anyway. > > > > Do you really like writing all the forms yourself or is there another > > > reason > > > you are not using the helper? > > > > -- > > > /** > > > * @author Larry E. Masters > > > * @var string $userName > > > * @param string $realName > > > * @returns string aka PhpNut > > > * @access public > > > */ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---