Re: [SMARTY] Smarty 'unescape' variable modifier ?
| Robby Russell 2004-03-27, 12:31 am |
| Artur Pydo typed this on 03/24/2004 07:47 AM:
> Hi,
>
> I'm manipulating escaped strings before inserting them
> in a sql database. Example : "Human's World".
>
> I would like to display them and was looking for a
> 'unescape' modifier in Smarty.
>
> As I cannot find anything like that, do you think there
> is an easy way to do that in Smarty ?
>
You should unescape them when you remove them from the database in your
SQL statement rather than make your application do it. More logic in db
than in client interface will make your coding easier in the long run.
-Robby
--
Robby Russell, | Sr. Administrator / Lead Programmer
Command Prompt, Inc. | http://www.commandprompt.com
rrussell@commandprompt.com | Telephone: (503) 222.2783
| |
| Artur Pydo 2004-03-27, 12:31 am |
| Hi,
Robby Russell wrote:
> You should unescape them when you remove them from the database in your
> SQL statement rather than make your application do it. More logic in db
> than in client interface will make your coding easier in the long run.
It does not come from database. It comes from a post variable and is
escaped by PHP. But I want to display it _before_ it's inserted into
the database. So in this case it's useless to unescape all post data
before escaping it once again.
--
Best regards,
Artur Pydo.
| |
| Monte Ohrt 2004-03-27, 12:31 am |
| You can create a custom modifier to unescape to your liking, or use the
regex_replace modifier.
Your real problem lies in the fact that PHP is escaping your
variables. SQL escapement should ideally be done just before the SQL
statement. Magic quotes are evil, get rid of 'em IMHO.
On Wed, 2004-03-24 at 10:04, Artur Pydo wrote:
> Hi,
>
> Robby Russell wrote:
>
>
> It does not come from database. It comes from a post variable and is
> escaped by PHP. But I want to display it _before_ it's inserted into
> the database. So in this case it's useless to unescape all post data
> before escaping it once again.
>
> --
>
> Best regards,
>
> Artur Pydo.
| |
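An added example, not part of the original thread or of Smarty: the handling Monte Ohrt describes, with the magic-quotes escaping undone once at input and each output context escaped at the point of use. The `undo_magic_quotes()` helper, the `items` table and the in-memory SQLite database (via pdo_sqlite) are assumptions for illustration; the input is constructed with addslashes() to mimic magic_quotes_gpc.

```php
<?php
// Constructed input: stands in for $_POST as PHP delivered it with
// magic_quotes_gpc on (quotes and backslashes prefixed with a backslash).
$post = array('title' => addslashes("Human's World"));

// Hypothetical helper: undo the global escaping once, at the input boundary,
// so the application works with the value the user actually typed.
function undo_magic_quotes(array $in): array
{
    $out = array();
    foreach ($in as $key => $value) {
        $out[$key] = is_array($value)
            ? undo_magic_quotes($value)
            : stripslashes($value);
    }
    return $out;
}

$clean = undo_magic_quotes($post);

// Display context: HTML-escape at output time. In a template this is the job
// of Smarty's |escape modifier, not of stripslashes.
$html = htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8');

// SQL context: bind the value at the statement itself, so no manual
// escaping is needed and nothing is escaped twice.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (title TEXT)');
$stmt = $db->prepare('INSERT INTO items (title) VALUES (:title)');
$stmt->execute(array(':title' => $clean['title']));

$stored = $db->query('SELECT title FROM items')->fetchColumn();

echo "as received : ", $post['title'], "\n";
echo "for display : ", $html, "\n";
echo "in database : ", $stored, "\n";

// The stored value is the unescaped original; a mismatch would mean a
// backslash leaked into the database.
if ($stored !== "Human's World") {
    throw new RuntimeException('stored value was altered by escaping');
}
```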
| Artur Pydo 2004-03-27, 12:31 am |
| Hi,
Artur Pydo wrote:
> I'm manipulating escaped strings before inserting them
> in a sql database. Example : "Human's World".
>
> I would like to display them and was looking for a
> 'unescape' modifier in Smarty.
>
> As I cannot find anything like that, do you think there
> is an easy way to do that in Smarty ?
I had messju's and Curus' answer on IRC :
{$var|stripslashes}
stripslashes() is a php function but there is no need to
use register_modifier for php functions.
If you use $security you should declare stripslashes().
Curus mentioned {include nasty_rant_about_magic_quotes}
as well but I didn't test it as the first solution
is the best for me.
--
Best regards,
Artur Pydo.
| |
| Artur Pydo 2004-03-27, 12:31 am |
| Hi,
Monte Ohrt wrote:
> Magic quotes are evil, get rid of 'em IMHO.
Oh. Well, do you know a well-done paper explaining
why one should not use magic quotes ?
--
Best regards,
Artur Pydo.
| |
| Messju Mohr 2004-03-27, 12:31 am |
| On Wed, Mar 24, 2004 at 05:36:11PM +0100, Artur Pydo wrote:
> Hi,
>
> Monte Ohrt wrote:
>
>
> Oh. Well, do you know a well-done paper explaining
> why one should not use magic quotes ?
just google a bit for "magic_quote evil"
| |
| Kelly Hallman 2004-03-27, 12:31 am |
| Mar 24 at 5:30pm, Artur Pydo wrote:
> Artur Pydo wrote:
>
> I had messju's and Curus' answer on IRC :
> {$var|stripslashes}
>
> stripslashes() is a php function but there is no need to
> use register_modifier for php functions.
MAAANNNN!! Smarty never stops blowing me away.. I have read most all of
the documentation (I thought) and was not aware of this..
This works with ANY php built-in?
Is it documented anywhere that I can read more about it?
Also, I have been meaning to test this, but if I declare a function named
Smarty_modifier_xyz() is it used as if it were a registered plugin?
--
Kelly Hallman
// Ultrafancy
| |
| Monte Ohrt 2004-03-27, 12:31 am |
| A paper? No, but it should be pretty self-evident. Not all PHP variables
are meant for SQL statements, so global escapement is unnecessary and
problematic, yours is a case in point.
On Wed, 2004-03-24 at 10:36, Artur Pydo wrote:
> Hi,
>
> Monte Ohrt wrote:
>
>
> Oh. Well, do you know a well-done paper explaining
> why one should not use magic quotes ?
>
> --
>
> Best regards,
>
> Artur Pydo.
| |
| Messju Mohr 2004-03-27, 12:31 am |
| On Wed, Mar 24, 2004 at 09:22:14AM -0800, Kelly Hallman wrote:
> Mar 24 at 5:30pm, Artur Pydo wrote:
>
> MAAANNNN!! Smarty never stops blowing me away.. I have read most all of
> the documentation (I thought) and was not aware of this..
>
> This works with ANY php built-in?
> Is it documented anywhere that I can read more about it?
sure: http://smarty.php.net/manual/en/language.modifiers.php :
"Modifiers can be autoloaded from your $plugins_dir (also see: Naming
Conventions) or can be registered explicitly (see:
register_modifier). Additionally all php-functions can be used as
modifiers implicitly. (The @count-example above actually uses php's
count-function and not a smarty-modifier)."
But (AFAIR) this was just documented recently.
> Also, I have been meaning to test this, but if I declare a function named
> Smarty_modifier_xyz() is it used as if it were a registered plugin?
no, smarty_modifier_*() is only for autoloaded modifiers loaded via modifier.*.php
> --
> Kelly Hallman
> // Ultrafancy
| |
| Monte Ohrt 2004-03-27, 12:31 am |
| It works with any php function providing:
*) Smarty security is disabled
*) The function expects the arguments in the order that Smarty hands
them off. Most simple one-parameter functions work correctly, others may
require a wrapper.
On Wed, 2004-03-24 at 11:22, Kelly Hallman wrote:
> Mar 24 at 5:30pm, Artur Pydo wrote:
>
> MAAANNNN!! Smarty never stops blowing me away.. I have read most all of
> the documentation (I thought) and was not aware of this..
>
> This works with ANY php built-in?
> Is it documented anywhere that I can read more about it?
>
> Also, I have been meaning to test this, but if I declare a function named
> Smarty_modifier_xyz() is it used as if it were a registered plugin?
>
> --
> Kelly Hallman
> // Ultrafancy