[development] The new menu system
adrian rossouw
adrian at bryght.com
Wed Sep 27 14:23:32 UTC 2006
On 27 Sep 2006, at 9:35 AM, Dries Buytaert wrote:
> Any particular reason not to use %d and %s? I'd favor the use of
> %d and %s (instead of %) for two reasons:
>
> 1. Security. It allows us to cast URL parameters to their proper
> type. This helps to prevent XSS/SQL injection attacks.
>
> 2. Consistency. People familiar with the database API can easily
> guess what they do.
It DRAMATICALLY increases the number of possible matches.
Secondly, I don't feel that chx actually explained this correctly,
but we store the generated menu items into a normalised database table.
So we can get the callback through a single 'select * from
{menu_tree} where path in (/* generated list of possible options */)
order by likelihood, slashes, wildcards';
so you get 1 single SQL query that can get the result, instead of
unserialising the massive tree.
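
The lookup described in this message, as an added example that is not part of the original post or Drupal's code: it generates the candidate patterns for a request path and resolves them with one `IN` query whose values are bound rather than interpolated. The `menu_tree` columns, the function names and the simplified `ORDER BY wildcards` are assumptions, and it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration, not Drupal's code. Table layout and function names are assumptions.

/** Every pattern that could match $path when each segment is kept or replaced by a placeholder. */
function candidate_paths(string $path, array $placeholders): array {
  $candidates = [''];
  foreach (explode('/', trim($path, '/')) as $i => $segment) {
    $next = [];
    foreach ($candidates as $prefix) {
      foreach (array_merge([$segment], $placeholders) as $option) {
        $next[] = $i === 0 ? $option : $prefix . '/' . $option;
      }
    }
    $candidates = $next;
  }
  return array_values(array_unique($candidates));
}

/** Resolve a request path with one query; URL-derived candidates are bound parameters. */
function lookup_callback(PDO $db, string $path): ?array {
  $candidates = candidate_paths($path, ['%']);
  $marks = implode(',', array_fill(0, count($candidates), '?'));
  $stmt = $db->prepare(
    "SELECT path, callback FROM menu_tree WHERE path IN ($marks)
     ORDER BY wildcards ASC LIMIT 1"
  );
  $stmt->execute($candidates);
  $row = $stmt->fetch(PDO::FETCH_ASSOC);
  return $row === false ? null : $row;
}

// Constructed sample data: three stored menu items in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu_tree (path TEXT PRIMARY KEY, callback TEXT, wildcards INTEGER)');
$insert = $db->prepare('INSERT INTO menu_tree VALUES (?, ?, ?)');
foreach ([['node/%', 'node_view', 1], ['node/%/edit', 'node_edit', 1], ['node/add', 'node_add', 0]] as $r) {
  $insert->execute($r);
}

// A segment containing quotes reaches the database only as a bound value.
$request = "node/12' OR '1'='1/edit";
print_r(lookup_callback($db, $request));
print_r(lookup_callback($db, 'node/add'));
// Candidate counts for the same path with one placeholder versus two typed ones.
printf("%d vs %d candidates\n",
  count(candidate_paths('node/12/edit', ['%'])),
  count(candidate_paths('node/12/edit', ['%d', '%s'])));
```

With a single `%` each segment has two options, so an n-segment path yields up to 2^n candidates; with `%d` and `%s` each segment has three, giving up to 3^n, which is one way to read the growth in possible matches mentioned in the reply.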