I am trying to adhere to good drupal coding practices but it's causing me some grief. Specifically, whenever I use placeholders, characters such as ' and " and getting converted to codes and this really messes with output. I have read that @ and % should be used commonly but sometimes it seems that the only way to make my output look good is to use !

I must be missing something here. Can someone offer some advice? Thanks.

Moving to module development by VM

Comments

tpainton’s picture

An example.

<?php
$text = "Todd's movie house";
print t('I went to @text', array('@text'=> $text));
?>

Produces..

I went to Todd&#039;s movie house.

How do I keep the &#039; out of there?

jaypan’s picture

Use !text.

Contact me to contract me for D7 -> D10/11 migrations.

tpainton’s picture

Okay, but doesn't that leave me open to someone sliding some malicious html in there?

jaypan’s picture

It could. If it's user submitted text, you will want to run check_plain() on it, or use the @ sign.

Contact me to contract me for D7 -> D10/11 migrations.

tpainton’s picture

Then I have come around full circle with the problem I have in post #1. This is my problem.

Starvin15’s picture

You would only come full circle if you use @, if you use check_plain() the user submitted text will be checked for malicious code.

heine’s picture

t() calls check_plain on @placeholder values...

See http://api.drupal.org/api/function/t/6

heine’s picture

We must be missing something.

As "I went to Todd&#039;s movie house." is intended for the browser, what's the problem? The browser will display a single quote.

tpainton’s picture

It does not display a single quote in my browsers. IE and Mozilla, at least not from my drupal setup. It displays exactly as you see.. it was a direct copy and paste.

It appears I have another problem altogether and the fact that its all my browsers leads me to believe it's something with drupal.. hmm. Could it be clean urls???