Getting to know your friendly neighbourhood Drupal API

A recent application was declined, basically because Drupal's database API was either not used at all or badly used. This was pointed out to the applicant, who was asked to read up on how to get things done properly using Drupal's APIs.

On the second attempt, this is an example of swinging just the wrong way and "not getting it"...

  $res = db_query("SELECT id FROM {foo} WHERE url = '%s'",
    db_escape_string($info['bar']));

Out of the frying pan and into the fire, as they say: db_query() already escapes its %s arguments, so passing the value through db_escape_string() first escapes it twice, and any URL containing a quote or a backslash will never match. The moral of this post is: take your time, understand http://api.drupal.org and make friends with it.

Update: here's another gem that falls into this category, recently seen in an application...

  function foo_menu($may_cache) {
    $items = array();

    if ($may_cache) {
      // What the fuck does $may_cache do? Who the fuck cares!
    }
    else {
      // ...
    }
    return $items;
  }

The short answer to the question posed is "I do". The longer one: in Drupal 5, hook_menu() is called with $may_cache set to TRUE when the menu is built and cached, and with FALSE on every request, which is where items that depend on the current path belong. Putting everything in the else branch works, but rebuilds the module's menu on every page load.
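For contrast, here is what the two branches are for. This is an added example written for this page, not the applicant's code or anything from Drupal core: foo_admin_settings() and foo_node_tab() are hypothetical callbacks defined below so the hook is complete, and the 'foo' node type is assumed to exist.

```php
<?php
// Added example, not the applicant's code. The callbacks and the 'foo'
// node type are assumptions made so the hook can be read end to end.

function foo_menu($may_cache) {
  $items = array();

  if ($may_cache) {
    // Static items: path, title and callback are the same on every request,
    // so Drupal builds this branch once and caches it. Anything that reads
    // the current URL or loads data per request does not belong here.
    $items[] = array(
      'path' => 'admin/settings/foo',
      'title' => t('Foo settings'),
      'description' => t('Configure the foo module.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => array('foo_admin_settings'),
      'access' => user_access('administer site configuration'),
      'type' => MENU_NORMAL_ITEM,
    );
  }
  else {
    // Dynamic items: this branch runs on every page request, so it may look
    // at arg() and load the node being viewed. The per-node access check has
    // to happen here; a cached item could not know which node it is for.
    if (arg(0) == 'node' && is_numeric(arg(1))) {
      $node = node_load(arg(1));
      if ($node && $node->type == 'foo') {
        $items[] = array(
          'path' => 'node/' . $node->nid . '/foo',
          'title' => t('Foo'),
          'callback' => 'foo_node_tab',
          'callback arguments' => array($node),
          'access' => node_access('update', $node),
          'type' => MENU_LOCAL_TASK,
          'weight' => 5,
        );
      }
    }
  }

  return $items;
}

// Hypothetical settings form for the static item above.
function foo_admin_settings() {
  $form = array();
  $form['foo_enabled'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enable foo'),
    '#default_value' => variable_get('foo_enabled', 0),
  );
  return system_settings_form($form);
}

// Hypothetical tab callback for the dynamic item above.
function foo_node_tab($node) {
  drupal_set_title(check_plain($node->title));
  return t('Foo tab for node %nid.', array('%nid' => $node->nid));
}
```

The split is what makes the 'access' keys meaningful: the admin item's permission check is a plain user_access() call, while the node tab's check needs the loaded node, which is only available in the uncached branch.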

and yet more...

  $result = db_query("SELECT mail FROM {users}");
  while ($row = mysql_fetch_assoc($result)) {
    // ... snipped
  }
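mysql_fetch_assoc() talks to the MySQL extension directly, so that module breaks on any site running PostgreSQL; db_fetch_object() and db_fetch_array() are what the API provides for whatever db_query() returned. Covering both this snippet and the double-escaped db_query() at the top of the post, here is how the same queries look through Drupal 5's own API. This is an added example written for this page, not code from the application: {foo}, its url column and the $info['bar'] lookup are the hypothetical names from the snippets, the function names are made up for illustration, and the IN (...) variant goes slightly beyond the snippet to show the case where people usually give up on placeholders.

```php
<?php
// Added example, not the applicant's code. {foo} and its url column are the
// hypothetical names from the snippets above; function names are made up.

// db_query() takes printf-style placeholders and escapes the arguments
// itself: %s goes through the driver's escaper and expects the quotes to be
// in the query text, %d is cast to an integer. Wrapping an argument in
// db_escape_string() first escapes it twice: a URL containing O'Reilly
// reaches MySQL as O\\\'Reilly and the row is never found.
function foo_id_for_url($url) {
  $result = db_query("SELECT id FROM {foo} WHERE url = '%s'", $url);
  // db_result() returns the first column of the first row, FALSE if none.
  return db_result($result);
}

// Numeric arguments use %d with no quotes in the query text.
function foo_url_for_id($id) {
  return db_result(db_query("SELECT url FROM {foo} WHERE id = %d", $id));
}

// A variable-length IN (...) list: build one '%s' per value and pass the
// values as a single array (db_query() accepts an array in place of a list
// of arguments), so every value still goes through the escaper.
function foo_ids_for_urls($urls) {
  if (empty($urls)) {
    return array();
  }
  $placeholders = implode(', ', array_fill(0, count($urls), "'%s'"));
  $result = db_query("SELECT id FROM {foo} WHERE url IN (" . $placeholders . ")", $urls);
  $ids = array();
  while ($row = db_fetch_object($result)) {
    $ids[] = (int) $row->id;
  }
  return $ids;
}

// The fetch side: db_fetch_object() works on any backend, unlike
// mysql_fetch_assoc(), which ties the module to the MySQL driver.
function foo_user_mails() {
  $mails = array();
  // uid > 0 skips the anonymous user's row, which has no mail address.
  $result = db_query("SELECT mail FROM {users} WHERE uid > 0");
  while ($row = db_fetch_object($result)) {
    $mails[] = $row->mail;
  }
  return $mails;
}
```

The only place module code should ever see db_escape_string() is when it builds SQL outside db_query(), which it should not be doing in the first place.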

and so it goes on...

  $text = $imgfile->description ?
    $imgfile->description : $imgfile->filename;

  $output .= '<a href="' .base_path() .$imgfile->mainpath.
    '"title="' .$text. '">';
  $output .= '<img src="'.base_path().$imgfile->thumbpath.'" />';
  $output .= '</a>';

I guess sometimes l() is just too hard to use. Oh, and there's probably some XSS in that lot to boot: $text comes straight from the image description and is dropped into the title attribute with no check_plain(), and the missing space before title= means the markup isn't even valid.
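The same link built with the API, as an added example written for this page rather than code from the application. It assumes the same hypothetical $imgfile object as the snippet above, with ->description and ->filename holding user-supplied text and ->mainpath and ->thumbpath holding paths under the files directory; foo_image_link() and foo_image_link_manual() are names made up for illustration.

```php
<?php
// Added example, not the applicant's code. $imgfile's fields are assumed to
// be a user-supplied description/filename and two files-directory paths.

function foo_image_link($imgfile) {
  // Same fallback as the original: description, else file name.
  $text = $imgfile->description ? $imgfile->description : $imgfile->filename;

  // file_create_url() turns a files-directory path into a URL that works
  // with both the public and private download methods, instead of
  // base_path() . $path, which only works for the public method.
  $full = file_create_url($imgfile->mainpath);
  $thumb = file_create_url($imgfile->thumbpath);

  // theme('image') builds the <img>: the src goes through check_url() and
  // the alt and title text through check_plain(), so a description holding
  // a quote or a < cannot break out of the attribute. The final FALSE stops
  // it calling getimagesize() on the thumbnail.
  $img = theme('image', $thumb, $text, $text, NULL, FALSE);

  // l() builds the <a>: the attribute array goes through drupal_attributes(),
  // which check_plain()s every value (and puts the space before title= that
  // the hand-built markup forgot). $html = TRUE because $img is already
  // escaped markup; with the default FALSE, l() would check_plain() it.
  return l($img, $full, array('title' => $text), NULL, NULL, FALSE, TRUE);
}

// If the markup really must be hand-built, every user-controlled value still
// has to be escaped on the way out. This is the minimum the snippet above
// was missing: check_plain() on the text, check_url() on the URLs.
function foo_image_link_manual($imgfile) {
  $text = check_plain($imgfile->description ? $imgfile->description : $imgfile->filename);
  $output  = '<a href="' . check_url(file_create_url($imgfile->mainpath)) . '" title="' . $text . '">';
  $output .= '<img src="' . check_url(file_create_url($imgfile->thumbpath)) . '" alt="' . $text . '" />';
  $output .= '</a>';
  return $output;
}
```

Note the $html flag on l(): passing already-escaped markup with the default FALSE double-encodes it, and passing raw text with TRUE reopens the XSS, so the one rule is that the text argument is escaped exactly once, either by l() or by you.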