[documentation] [Documentation support] Why use db_rewrite_sql?

piersonr drupal-docs at drupal.org
Thu Oct 12 00:57:50 UTC 2006


Issue status update for 
http://drupal.org/node/47360
Post a follow up: 
http://drupal.org/project/comments/add/47360

 Project:      Documentation
 Version:      <none>
 Component:    Developer Guide
 Category:     support requests
 Priority:     normal
 Assigned to:  subha
 Reported by:  subha
 Updated by:   piersonr
 Status:       active

I'm also unclear about this. I've searched the forums, and the only
answer I could find was on the writing secure code [1] page.


"we are dealing with nodes and the node access mechanism kicks in via
db_rewrite_sql so we are utilizing it. It's really easy and yet it's so
often neglected!


So, once more; There are three kind of errors you need to avoid: XSS
with proper checking, SQL injections with proper db_query usage and node
access bypass by utilizing db_rewrite_sql."

On the documentation for db_rewrite_sql [2] it says:


"Rewrites node, taxonomy and comment queries. Use it for listing
queries. Do not use FROM table1, table2 syntax, use JOIN instead."

Are "listing queries" any query where you will be outputting several
nodes via pager_query [3]?


If so, the db_rewrite_sql page should link to pager_query and vice
versa, with an explanation of their relationship.
[1] http://drupal.org/node/62304
[2] http://api.drupal.org/api/HEAD/function/db_rewrite_SQL
[3] http://api.drupal.org/api/HEAD/function/pager_query




piersonr



Previous comments:
------------------------------------------------------------------------

Wed, 01 Feb 2006 09:00:30 +0000 : subha

I do not understand the use of the Drupal function db_rewrite_sql. What
does it basically do? Can that functionality not be achieved by
db_query()?
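
The difference the thread asks about, as an added example that is not part of the original messages or of Drupal's own code: the same node listing sent straight to db_query(), and then passed through db_rewrite_sql() and paged with pager_query(). It assumes the Drupal 4.7/5 database API; the function names example_titles_unchecked() and example_titles_listing() are hypothetical.

```php
<?php
// Added example, assuming the Drupal 4.7/5 database API.
// example_titles_unchecked() and example_titles_listing() are hypothetical names.

/**
 * Listing query sent straight to db_query(). Placeholders prevent SQL
 * injection, but no node access check is applied: every published story is
 * listed, including nodes a node access module would hide from this user.
 */
function example_titles_unchecked() {
  $items = array();
  $result = db_query("SELECT n.nid, n.title FROM {node} n WHERE n.status = 1 AND n.type = '%s' ORDER BY n.created DESC", 'story');
  while ($node = db_fetch_object($result)) {
    $items[] = l($node->title, 'node/'. $node->nid);
  }
  return theme('item_list', $items);
}

/**
 * The same listing, passed through db_rewrite_sql() before it is paged.
 */
function example_titles_listing($limit = 10) {
  // {node} is aliased "n" and keyed on nid, the defaults db_rewrite_sql()
  // expects. Explicit JOIN syntax is used because the rewrite may add its
  // own JOIN and WHERE clauses (for example against {node_access}).
  $sql = db_rewrite_sql("SELECT n.nid, n.title, u.name FROM {node} n INNER JOIN {users} u ON u.uid = n.uid WHERE n.status = 1 AND n.type = '%s' ORDER BY n.created DESC");

  // The rewrite works on the query template; values are still passed as
  // placeholders, here as the extra argument after $count_query.
  $result = pager_query($sql, $limit, 0, NULL, 'story');

  $items = array();
  while ($node = db_fetch_object($result)) {
    $items[] = l($node->title, 'node/'. $node->nid) .' by '. check_plain($node->name);
  }

  // Pager links for element 0, matching the pager_query() call above.
  return theme('item_list', $items) . theme('pager', NULL, $limit, 0);
}
```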





