[development] Forms API newbie guide?

Shawn sgrover at open2space.com
Mon Jun 19 06:11:47 UTC 2006


Karoly Negyesi wrote:
>> http://grover.open2space.com/files/issues_module.php
> 
> Some obvious wrongs:
> 
>     $sql = 'select * from issues_projects where project_id = '. $pid;
>     $dbresult = db_query($sql);
> 
> this is the biggest no-no
> 
> $sql = 'select * from issues_projects where project_id = %d';
> $dbresult = db_query($sql, $pid);
> 
> (yes there is a is_numeric check -- that's at least something, but then 
> you are reinventing the wheel... and what you will do when you work with 
> strings? better if you get used to placeholders)
> 
> $form['projectid'] = array('#type' => 'hidden', '#value' => 
> $prj->project_id);
> 
> you are much more secure with
> 
> $form['projectid'] = array('#type' => 'value', '#value' => 
> $prj->project_id);
> 
> I would simply echo (or more nifty, watchdog) that $prj->project_id in 
> here -- are you sure the problem is with form API?
> 
> Anyways, this is much better suited for a forum topic...
> 
> 

Thanks for the feedback.  I'll open a form posting.  As for the echo - 
no joy in the _submit or _validate functions (I think it has to do with 
included files being processed then an ob_clear() being called).  the 
watchdog function sounds promising, I'll look into it.

The likely culprit is my code, not the form api per se.  But I'm 
struggling trying to figure out why my code is not raising errors, but 
not working.

Anyways, thanks again, I'll move this to the forums.

Shawn



More information about the development mailing list