[support] sanitizing text box input for sql searches (custom search)

Michel Morelli michel at ziobuddalabs.it
Wed Mar 3 14:05:03 UTC 2010 

Greg Knaddison ha scritto:
> On Wed, Mar 3, 2010 at 6:33 AM, Michel Morelli <michel at ziobuddalabs.it> wrote:
>   
>> Yes. If you need to display only an item content you can use "check_markup".
>> node_load()+check_markup it's more quick than a node_view() (for a single or
>> few node's items).
>> In all other case node_view is the right choice.
>>
>>     
>
> I think you simplify too much. 
> The check_markup solution will only
> display content in the $node->body 
No, you can use this function where you want.

> and it doesn't allow other modules
> on the site to do the normal overriding that they might do (many
> modules work that way) so I consider the check_markup solution only a
> solution for very specific sites.
Not for very specific sites, but for very specific situations/cases. IMHO.

And the question is: are we talking, in this thread, on display a value 
of a node's field in a specific situation (like a costum module) or are 
we talking on which is the right way to display a node's fields in every 
situation ?

> If someone is building a general module they should use node_view (or
> copy the code from node_view and alter appropriately).
>   
But node_view exec more and more query that could be useless. Think a 
content type with 10+ fields (text, image, fileattach and maps) and a 
situation that needs only the "title" field. Use of node_view is useless 
and bad for the performance.

M.

-- 
Michel 'ZioBudda' Morelli                       michel at ziobuddalabs.it
Sviluppo applicazioni CMS DRUPAL e web dinamiche (LAMP+Ajax)
Telefono: 0200619074
Telefono Cell: +39-3939890025 --  Fax: +39-0291390660

http://www.ziobudda.net                         ICQ: 58351764  
http://www.ziobuddalabs.it                      Skype: zio_budda
http://www.ziodrupal.net       			MSN: michel at ziobuddalabs.it                   
						JABBER: michel at ziobuddalabs.it

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20100303/7ed00353/attachment-0001.html

More information about the support mailing list