I believe that (some of) these functions are still used internally, but not intended to be part of the API used by developers.
Anyone please correct me if I'm wrong, but as far as I know, all the sanitization is done in class methods 'getVar' and 'setVar' of classes derived from XoopsObject.
- setVar(key,value) sets the value of a 'field'. It will automatically be sanitized before being inserted into the database.
- getVar(key,format) converts based on the 'type' of the variable and the selected 'format'. The values of 'format' can be:
  (1) 's' for 'show' (use when displaying on a page)
  (2) 'e' for 'edit' (use when you show in an edit box)
  (3) 'p' for 'preview' (unsure of purpose)
  (4) 'f' for 'formpreview' (unsure of purpose)
  (5) 'n' for 'none' (use when you want the value exactly as inserted)
The options for whether you want to render smilies, HTML, etc. are established when you call 'initVar' to initialize each var in your class (derived from XoopsObject). Have a look at e.g. kernel/user.php or kernel/module.php etc. for some examples of classes derived from XoopsObject. If all your data is handled by a XoopsObject then you just use 'setVar', 'getVar', and sanitization automagically happens when you insert into or retrieve from the database.
Hope this helps a bit...
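
The format argument described in the post above, as an added example that is not part of the original post and is not XOOPS code. `MiniObject` and `Article` are hypothetical stand-ins that model a single text field and only the 's', 'e' and 'n' formats; using `htmlspecialchars` for the encoding is an assumption, and the database-escaping step is not modelled.

```php
<?php
// Added illustration: MiniObject is a hypothetical stand-in, not XOOPS code.
// It models one plain-text field type and the 's', 'e' and 'n' formats only.
class MiniObject
{
    private $vars = [];

    // Declare a field before use, in the role initVar plays in the post.
    public function initVar($key, $value = null)
    {
        $this->vars[$key] = $value;
    }

    // Keep the value as given; encoding is decided when it is read back.
    public function setVar($key, $value)
    {
        if (!array_key_exists($key, $this->vars)) {
            throw new InvalidArgumentException("unknown var: $key");
        }
        $this->vars[$key] = (string) $value;
    }

    // Return the value encoded for the context named by $format.
    public function getVar($key, $format = 's')
    {
        if (!array_key_exists($key, $this->vars)) {
            throw new InvalidArgumentException("unknown var: $key");
        }
        $raw = (string) $this->vars[$key];
        switch ($format) {
            case 's': // show: text placed in the page body
            case 'e': // edit: text placed in a form field's value
                return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
            case 'n': // none: exactly as stored, not safe to echo into HTML
                return $raw;
            default:
                throw new InvalidArgumentException("format not modelled: $format");
        }
    }
}

class Article extends MiniObject
{
    public function __construct() { $this->initVar('title'); }
}

$a = new Article();
$a->setVar('title', '"><b>Q&A</b>'); // constructed sample input containing markup
echo $a->getVar('title', 's'), "\n"; // encoded, suitable for HTML output
echo $a->getVar('title', 'n'), "\n"; // raw, for non-HTML use only
```

The point to carry over to real code is that 'n' returns the stored value unencoded, so any template that prints it must encode it for its own output context.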