<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><BR><DIV><DIV>On 27 Sep 2006, at 9:35 AM, Dries Buytaert wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><P style="margin: 0.0px 0.0px 0.0px 0.0px"><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica">Any particular reason not to use %d and %s?<SPAN class="Apple-converted-space"> </SPAN>I'd favor the use of %d and %s (instead of %) for two reasons:</FONT></P> <P style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica; min-height: 14.0px"><BR></P> <P style="margin: 0.0px 0.0px 0.0px 0.0px"><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica"><SPAN class="Apple-converted-space"> </SPAN>1. Security.<SPAN class="Apple-converted-space"> </SPAN>It allows us to cast URL parameters to their proper type.<SPAN class="Apple-converted-space"> </SPAN>This helps to prevent XSS/SQL injection attacks.</FONT></P> <P style="margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica; min-height: 14.0px"><BR></P> <P style="margin: 0.0px 0.0px 0.0px 0.0px"><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica"><SPAN class="Apple-converted-space"> </SPAN>2. 
Consistency.<SPAN class="Apple-converted-space"> </SPAN>People familiar with the database API can easily guess what they do.</FONT></P> </BLOCKQUOTE></DIV>It DRAMATICALLY increases the number of possible matches.<BR><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Secondly, I don't feel that chx actually explained this correctly, but we store the generated menu items in a normalised database table.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>So we can get the callback through a single 'select * from {menu_tree} where path in (/* generated list of possible options */) order by likelihood, slashes, wildcards';</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>So you get 1 single SQL query that can get the result, instead of unserialising the massive tree.</DIV><DIV><BR class="khtml-block-placeholder"></DIV></BODY></HTML>