Last updated February 3, 2007. Created by Senpai on July 3, 2006.
Edited by kitt. Log in to edit this page.
Now that we have a table to save data into, and our new node has a form that displays and validates on submit, we need to save the submitted values into the database.
<?php
/**
* Implementation of hook_insert, which saves todo-specific information
* into the todo table
* @param node object
*/
function todo_insert($node) {
// normally, we'd try strtotime, but it won't handle the inverse
// dd/mm/yyyy formats, so generate the timestamp ourselves
preg_match('/^(\d\d)\/(\d\d)\/(\d\d\d\d)$/', $node->duedate, $m);
$ts = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
db_query("INSERT INTO {todo} (nid, duedate, priority, taskstatus) VALUES (%d, %d, %d, %d)", $node->nid, $ts, $node->priority, $node->taskstatus);
}
?>Normally, we'd prefer to use the php function strtotime. However, it won't handle the inverse dd/mm/yyyy format, so we parse the string ourselves. Because we've already validated the due date string format, we can just use the preg_match as before.
Take a look at the line with the db_query function call. The first argument of the call is the SQL command to run, containing an argument substitution string '%d'. The following arguments in the db_query call are values that replace these argument substitution strings. Drupal provides protection from SQL injection attacks by using string substitution in its database calls.
See also db_queryd for a version of db_query that outputs the query to the browser for debugging.
If your SQL contains strings, be sure to quote your strings for substitution:
<?php
db_query('SELECT * FROM {table} WHERE field LIKE \'%s\'', $argument);
?>At this point, the module will save the data into the database. You can't edit the form, and the data won't display quite right, but it will save.
Download the module thus far, and rename to todo.module before saving and enabling in your Drupal installation.
Comments
To insert/update string data
Unfortunately, this tutorial doesn't touch on inserting and updating string data with Drupal. It took a bit of tinkering until I figured out what was happening. In your database query, you should use %s instead of %d (see previous comment - %d is for numbers, %s is for strings). Also, you must enclose the %s in single quotes in the actual query, or else you will get an error, and your table won't be updated. Here is how the query for an insert should look, where the second value inserted is a string:
$t = db_query("INSERT INTO {tablename} (nid, cname) VALUES (%d, <b>'%s'</b>)", $node->nid, $node->cname);hook_delete
I think you should also mention that it's useful too provide an implementation of the hook_delete fuction. If that is not the case, pressing the delete button in the edit node tab will only delete the node information from the {node} table leaving unused information in the {todo} table. It's fairly trivial to implement it, like reported in the hook_delete documentation:
function todo_delete(&$node) {db_query('DELETE FROM {todo} WHERE nid = %d', $node->nid);
}
mktime called with incorrect parameters - php 5.1.6
I'm using php 5.1.6
and mktime is called with $m[2] etc..
<?php$ts = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
?>
on doing a print_r on $m i get
$m = Array(
[0] => Array
(
[0] => 07/10/2007
[1] => 07
[2] => 10
[3] => 2007
)
)
so we need to change the code to
<?php$ts = mktime(0, 0, 0, $m[0][2], $m[0][1], $m[0][3]);
?>
to generate the $ts correctly.
hth.
yashesh
----------------------------------------------------------
Go Pre
http://www2.localaccess.com/rlalonde/pre.htm
----------------------------------------------------------
Yashesh Bhatia