[development] The new menu system

adrian rossouw adrian at bryght.com
Wed Sep 27 14:23:32 UTC 2006

On 27 Sep 2006, at 9:35 AM, Dries Buytaert wrote:

> Any particular reason not to use %d and %s?  I'd favor the use of % 
> d and %s (instead of %) for two reasons:
>   1. Security.  It allows us to cast URL parameters to their proper  
> type.  This helps to prevent XSS/SQL injection attacks.
>   2. Consistency.  People familiar with the database API can easily  
> guess what they do.
It DRAMATICALLY increases the number of possible matches.

Secondly, I don't feel that chx actually explained this correctly,  
but we store the generated menu items, into a normalised database table.

So we can get the callback through a single 'select * from  
{menu_tree} where path in (/* generated list of possible options */)  
order by likelihood, slashes, wildcards';

so you get 1 single sql query that can get the result, instead of  
unserialising the massive tree.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20060927/e3af4651/attachment.htm

More information about the development mailing list