# Building Forms
## Contents
- [Opening A Form](#opening-a-form)
- [CSRF Protection](#csrf-protection)
- [Labels](#labels)
- [Text, Text Area, Password & Hidden Fields](#text)
- [Checkboxes and Radio Buttons](#checkboxes-and-radio-buttons)
- [Drop-Down Lists](#drop-down-lists)
- [Buttons](#buttons)
- [Custom Macros](#custom-macros)
> **Note:** All input data displayed in form elements is filtered through the HTML::entities method.
## Opening A Form
#### Opening a form to POST to the current URL:
echo Form::open();
#### Opening a form using a given URI and request method:
echo Form::open('user/profile', 'PUT');
#### Opening a Form that POSTS to a HTTPS URL:
echo Form::open_secure('user/profile');
#### Specifying extra HTML attributes on a form open tag:
echo Form::open('user/profile', 'POST', array('class' => 'awesome'));
#### Opening a form that accepts file uploads:
echo Form::open_for_files('users/profile');
#### Opening a form that accepts file uploads and uses HTTPS:
echo Form::open_secure_for_files('users/profile');
#### Closing a form:
echo Form::close();
## CSRF Protection
Laravel provides an easy method of protecting your application from cross-site request forgeries. First, a random token is placed in your user's session. Don't sweat it, this is done automatically. Next, use the token method to generate a hidden form input field containing the random token on your form:
#### Generating a hidden field containing the session's CSRF token:
echo Form::token();
#### Attaching the CSRF filter to a route:
Route::post('profile', array('before' => 'csrf', function()
{
//
}));
#### Retrieving the CSRF token string:
$token = Session::token();
> **Note:** You must specify a session driver before using the Laravel CSRF protection facilities.
*Further Reading:*
- [Route Filters](/docs/routing#filters)
- [Cross-Site Request Forgery](http://en.wikipedia.org/wiki/Cross-site_request_forgery)
## Labels
#### Generating a label element:
echo Form::label('email', 'E-Mail Address');
#### Specifying extra HTML attributes for a label:
echo Form::label('email', 'E-Mail Address', array('class' => 'awesome'));
> **Note:** After creating a label, any form element you create with a name matching the label name will automatically receive an ID matching the label name as well.
## Text, Text Area, Password & Hidden Fields
#### Generate a text input element:
echo Form::text('username');
#### Specifying a default value for a text input element:
echo Form::text('email', 'example@gmail.com');
> **Note:** The *hidden* and *textarea* methods have the same signature as the *text* method. You just learned three methods for the price of one!
#### Generating a password input element:
echo Form::password('password');
## Checkboxes and Radio Buttons
#### Generating a checkbox input element:
echo Form::checkbox('name', 'value');
#### Generating a checkbox that is checked by default:
echo Form::checkbox('name', 'value', true);
> **Note:** The *radio* method has the same signature as the *checkbox* method. Two for one!
## Drop-Down Lists
#### Generating a drop-down list from an array of items:
echo Form::select('size', array('L' => 'Large', 'S' => 'Small'));
#### Generating a drop-down list with an item selected by default:
echo Form::select('size', array('L' => 'Large', 'S' => 'Small'), 'S');
## Buttons
#### Generating a submit button element:
echo Form::submit('Click Me!');
> **Note:** Need to create a button element? Try the *button* method. It has the same signature as *submit*.
## Custom Macros
It's easy to define your own custom Form class helpers called "macros". Here's how it works. First, simply register the macro with a given name and a Closure:
#### Registering a Form macro:
Form::macro('my_field', function()
{
return '';
});
Now you can call your macro using its name:
#### Calling a custom Form macro:
echo Form::my_field();