Hello,
I want to use the data from a textbox input to do a SELECT statement on an SQL DB.
Are there any inbuilt methods that Drupal uses to sanitize textbox inputs? I'm worried that if I accept data in a textbox and apply it to an SQL command it will do bad stuff (tm).
Is there a simple code snippet or module for sanitizing?
Paul
http://api.drupal.org/api/function/db_query/6
On Mar 2, 2010, at 3:08 PM, spartaguy spartaguy wrote:
> Hello,
> I want to use the data from a textbox input to do a SELECT statement on an SQL DB.
> Are there any inbuilt methods that Drupal uses to sanitize textbox inputs? I'm worried that if I accept data in a textbox and apply it to an SQL command it will do bad stuff (tm).
> Is there a simple code snippet or module for sanitizing?
> Paul
-- [ Drupal support list | http://lists.drupal.org/ ]
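The db_query() placeholder mechanism Domenic points to, as an added example that is not code from the thread: a hypothetical Drupal 6 module named "titlesearch" with an unsafe and a safe version of the same textbox-driven lookup (it assumes Drupal 6 core, where db_query(), db_query_range(), db_fetch_object() and check_plain() are defined).

```php
<?php
// Added example, not code from the thread. A hypothetical Drupal 6 module
// "titlesearch" that looks up nodes by a textbox value. Assumes Drupal 6
// core, where db_query(), db_query_range(), db_fetch_object() and
// check_plain() are defined.

/**
 * UNSAFE: the textbox value is concatenated into the SQL string, so a
 * quote character in the input ends the string literal and the rest of
 * the input is parsed as SQL. This is the "bad stuff (tm)" from the question.
 */
function titlesearch_lookup_unsafe($term) {
  return db_query("SELECT nid, title FROM {node} WHERE title LIKE '%" . $term . "%'");
}

/**
 * SAFE: pass the value as a db_query() argument. %s is escaped by
 * db_query() and keeps the surrounding quotes in the query; %d is cast
 * to an integer; %% is a literal percent sign for the LIKE wildcard.
 */
function titlesearch_lookup($term, $limit = 10) {
  $result = db_query_range(
    "SELECT n.nid, n.title FROM {node} n WHERE n.status = %d AND n.title LIKE '%%%s%%' ORDER BY n.title",
    1, $term, 0, $limit);
  $rows = array();
  while ($row = db_fetch_object($result)) {
    // SQL escaping is not HTML escaping: the title is still raw text and
    // must go through check_plain() before it is printed into the page.
    $rows[] = array('nid' => (int) $row->nid, 'title' => check_plain($row->title));
  }
  return $rows;
}

/** The textbox itself: a Forms API textfield feeding the safe lookup. */
function titlesearch_form() {
  $form['term'] = array(
    '#type' => 'textfield',
    '#title' => t('Title contains'),
    '#maxlength' => 64,
    '#required' => TRUE,
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Search'));
  return $form;
}

function titlesearch_form_submit($form, &$form_state) {
  $matches = titlesearch_lookup($form_state['values']['term']);
  drupal_set_message(format_plural(count($matches), '1 node found.', '@count nodes found.'));
}
```

Note that db_query() escapes quotes, not LIKE metacharacters: a % or _ typed into the box still acts as a wildcard, which broadens the match but cannot change the statement.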
Thanks! This should do the job.
On Wed, Mar 3, 2010 at 8:27 AM, Domenic Santangelo domenics@gmail.com wrote:
> http://api.drupal.org/api/function/db_query/6
What about when doing node_load() and displaying HTML? I can never find the function to clean up HTML for XSS and whatever before displaying...
Thanks
Fred Jones wrote:
> What about when doing node_load() and displaying HTML?
Attention: node_load() is not the step at which the node is rendered. Install the "devel" module and you will see two new tabs for every node: "Dev Load" and "Dev Render". The first contains the node's data when it is loaded and the second contains the node's data when it is rendered (for display/HTML).
> I can never find the function to clean up HTML for XSS and whatever before displaying...
You need to use an "input filter", and the function to use is "check_markup".
M.
On Wed, Mar 3, 2010 at 5:52 AM, Michel Morelli michel@ziobuddalabs.it wrote:
> you need to use "input filter" and the function to use is "check_markup".
That is part of the story for simple cases, but not enough if your node is complex. Complex nodes need to be rendered using node_view http://api.drupal.org/api/function/node_view
Please also consider this text filtering cheat sheet which helps take the confusion out of when to use which of the many text filtering functions:
http://crackingdrupal.com/blog/greggles/drupal-text-filtering-decision-cheat...
Regards, Greg
Greg Knaddison wrote:
> On Wed, Mar 3, 2010 at 5:52 AM, Michel Morelli michel@ziobuddalabs.it wrote:
>> you need to use "input filter" and the function to use is "check_markup".
> That is part of the story for simple cases,
Yes. If you need to display only an item's content you can use "check_markup". node_load() + check_markup() is quicker than node_view() (for a single node or a few node items). In all other cases node_view() is the right choice.
M.
On Wed, Mar 3, 2010 at 6:33 AM, Michel Morelli michel@ziobuddalabs.it wrote:
> Yes. If you need to display only an item's content you can use "check_markup". node_load() + check_markup() is quicker than node_view() (for a single node or a few node items). In all other cases node_view() is the right choice.
I think you simplify too much. The check_markup solution will only display content in the $node->body, and it doesn't allow other modules on the site to do the normal overriding that they might do (many modules work that way), so I consider the check_markup solution only a solution for very specific sites. Further, it doesn't render any CCK, location, or other fields that might normally appear in a "node's content."
If someone is building a general module they should use node_view (or copy the code from node_view and alter appropriately).
Regards, Greg
Greg Knaddison wrote:
> On Wed, Mar 3, 2010 at 6:33 AM, Michel Morelli michel@ziobuddalabs.it wrote:
>> Yes. If you need to display only an item's content you can use "check_markup". node_load() + check_markup() is quicker than node_view() (for a single node or a few node items). In all other cases node_view() is the right choice.
> I think you simplify too much. The check_markup solution will only display content in the $node->body
No, you can use this function wherever you want.
> and it doesn't allow other modules on the site to do the normal overriding that they might do (many modules work that way) so I consider the check_markup solution only a solution for very specific sites.
Not for very specific sites, but for very specific situations/cases. IMHO.
And the question is: are we talking, in this thread, about displaying the value of a node's field in a specific situation (like a custom module), or are we talking about which is the right way to display a node's fields in every situation?
> If someone is building a general module they should use node_view (or copy the code from node_view and alter appropriately).
But node_view executes more and more queries that could be useless. Think of a content type with 10+ fields (text, image, file attachment and maps) and a situation that needs only the "title" field. Using node_view there is useless and bad for performance.
M.
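The check_markup() versus node_view() distinction that Michel and Greg discuss above, as an added example that is not code from the thread: a hypothetical Drupal 6 module named "showcase" showing the unsafe raw-body output next to the two safe paths (it assumes Drupal 6 core: node_load(), node_access(), node_view(), check_plain() and check_markup()).

```php
<?php
// Added example, not code from the thread. A hypothetical Drupal 6 module
// "showcase" displaying a node fetched with node_load(). Assumes Drupal 6
// core: node_load(), node_access(), node_view(), check_plain(), check_markup().

/**
 * UNSAFE: node_load() returns the stored body unfiltered, so printing it
 * raw bypasses the input format and every HTML filter configured for it.
 */
function showcase_render_unsafe($nid) {
  $node = node_load($nid);
  return $node ? $node->body : '';
}

/**
 * Two safe ways to display the node, matching the two cases in the thread.
 * $full = TRUE is the general case: node_view() runs the input filters,
 * renders CCK and other modules' fields, and lets modules alter the output.
 * $full = FALSE is the cheap case: only title and body, no extra queries.
 */
function showcase_render($nid, $full = TRUE) {
  $node = node_load($nid);
  if (!$node || !node_access('view', $node)) {
    return '';
  }
  if ($full) {
    // node_view($node, $teaser, $page, $links): full page view, no links.
    return node_view($node, FALSE, TRUE, FALSE);
  }
  // The title is plain text: escape it for HTML with check_plain().
  $output = '<h2>' . check_plain($node->title) . '</h2>';
  // The body is filtered through the input format saved with the node.
  // The third argument FALSE skips the "may the current user use this
  // format" check: the format was validated when the author saved the
  // node, and the viewer may legitimately lack permission for it.
  $output .= check_markup($node->body, $node->format, FALSE);
  return $output;
}
```

Which branch to use is the thread's real disagreement: the cheap branch is fine when a custom module needs only title and body, the node_view() branch whenever other modules' fields or overrides must appear.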