Posted by tpainton on March 12, 2010 at 11:30pm
I am trying to adhere to good drupal coding practices but it's causing me some grief. Specifically, whenever I use placeholders, characters such as ' and " and getting converted to codes and this really messes with output. I have read that @ and % should be used commonly but sometimes it seems that the only way to make my output look good is to use !
I must be missing something here. Can someone offer some advice? Thanks.
Moving to module development by VM
Comments
Elaboration.
An example.
<?php$text = "Todd's movie house";
print t('I went to @text', array('@text'=> $text));
?>
Produces..
I went to Todd's movie house.How do I keep the
'out of there?Use !text.
Use !text.
Full-time freelancer, always looking for work.
jaypan.com (my portfolio)
Okay
Okay, but doesn't that leave me open to someone sliding some malicious html in there?
It could. If it's user
It could. If it's user submitted text, you will want to run check_plain() on it, or use the @ sign.
Full-time freelancer, always looking for work.
jaypan.com (my portfolio)
Hmm.
Then I have come around full circle with the problem I have in post #1. This is my problem.
Only on the second option...
You would only come full circle if you use @, if you use check_plain() the user submitted text will be checked for malicious code.
t() calls check_plain on
t() calls check_plain on @placeholder values...
See http://api.drupal.org/api/function/t/6
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
?
We must be missing something.
As "
I went to Todd's movie house." is intended for the browser, what's the problem? The browser will display a single quote.--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
Maybe this is the problem.
It does not display a single quote in my browsers. IE and Mozilla, at least not from my drupal setup. It displays exactly as you see.. it was a direct copy and paste.
It appears I have another problem altogether and the fact that its all my browsers leads me to believe it's something with drupal.. hmm. Could it be clean urls???