[development] Forms API newbie guide?

Karoly Negyesi karoly at negyesi.net
Mon Jun 19 06:02:48 UTC 2006

> http://grover.open2space.com/files/issues_module.php

Some obvious wrongs:

	$sql = 'select * from issues_projects where project_id = '. $pid;
	$dbresult = db_query($sql);

this is the biggest no-no

$sql = 'select * from issues_projects where project_id = %d';
$dbresult = db_query($sql, $pid);

(yes there is a is_numeric check -- that's at least something, but then  
you are reinventing the wheel... and what you will do when you work with  
strings? better if you get used to placeholders)

$form['projectid'] = array('#type' => 'hidden', '#value' =>  

you are much more secure with

$form['projectid'] = array('#type' => 'value', '#value' =>  

I would simply echo (or more nifty, watchdog) that $prj->project_id in  
here -- are you sure the problem is with form API?

Anyways, this is much better suited for a forum topic...

More information about the development mailing list