Drupal Planet

Selection of postings suitable for Drupal Planet feeds.

Don't hack Core

Submitted by AjK on 12 December 2008 - 12:10am

Here's a good one that tried to sneak past in an install file as part of the module's installation procedure...

  1.   db_add_field($ret, 'node_type', 'menu_settings',
  2.     array<('type' => 'text', 'not null' => FALSE));

Need I say more? The title of this page says it all.

»
»



Getting to know your friendly neighbourhood Drupal API

Submitted by AjK on 11 December 2008 - 11:59pm

A recent application was decline basically because Drupal's database API was just non-existent/not used/badly used. This was pointed out to the applicant and asked to read up on how to get things done properly using Drupal's APIs.

On the second attempt this is an example of swinging just the wrong way and "not getting it"...

  1.   $res = db_query("SELECT id FROM {foo} WHERE url = '%s'",
  2.     db_escape_string($info['bar']));

»
»



Spot the difference

Submitted by AjK on 11 December 2008 - 11:31pm

This cracker came in recently, can you spot the difference? Which is right and which is wrong?

  1.   db_query("DELETE FROM {$node->type} WHERE vid = %d", $node->vid);
  2.   db_query("DELETE FROM {foo_bar_baz} WHERE vid = %d", $node->vid);

Got it yet? You may have easily spotted the first one was wrong but did you get why it's wrong? It's bad on more levels than you may at first think.

»
»



Syndicate content