2
Primetime... it's me 
Anyway, just a small module. Any translations would be welcome (now available in Spanish, English and Catalan). You can contact me at primetime at linuxsilo dot net.
Thanks.
Anyway, just a small module. Any translations would be welcome (now available in Spanish, English and Catalan). You can contact me at primetime at linuxsilo dot net.
Thanks.
5
Ok, I see.
By the way, which should be the "best" or recommended way to avoid SQL injection? Does XOOPS do any sort of treatment for that purpose, so that you don't have to take care of it in your module?
Could this code be a good solution?
foreach ($HTTP_POST_VARS as $varname => $value) {
if (is_string($value)) $value = addslashes($value);
$vars[$varname] = $value;
}
And then use the values from $vars to store them in the database and always do a stripslashes before showing any string retrieved from the database.
Thanks for your response.
By the way, which should be the "best" or recommended way to avoid SQL injection? Does XOOPS do any sort of treatment for that purpose, so that you don't have to take care of it in your module?
Could this code be a good solution?
foreach ($HTTP_POST_VARS as $varname => $value) {
if (is_string($value)) $value = addslashes($value);
$vars[$varname] = $value;
}
And then use the values from $vars to store them in the database and always do a stripslashes before showing any string retrieved from the database.
Thanks for your response.
6
At the begining of the admin/index.php file in xoopsfaq module these two paragraphs can be found:
if (isset($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $k => $v) {
$$k = $v;
}
}
if (isset($HTTP_POST_VARS)) {
foreach ($HTTP_POST_VARS as $k => $v) {
$$k = $v;
}
}
What are they for? To avoid SQL Injection? To avoid single quoting problems?
Thanks in advance.
P.S. In admin/index.php file of xoopspoll module only HTTP_POST_VARS are treated like this.
if (isset($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $k => $v) {
$$k = $v;
}
}
if (isset($HTTP_POST_VARS)) {
foreach ($HTTP_POST_VARS as $k => $v) {
$$k = $v;
}
}
What are they for? To avoid SQL Injection? To avoid single quoting problems?
Thanks in advance.
P.S. In admin/index.php file of xoopspoll module only HTTP_POST_VARS are treated like this.
7
Hi. I am new to XOOPS and still trying to finish my first module.
So, I am programming the control panel scripts that control my module options and contents (it's a multiquestion survey, by the way), and I have not been able to use templates in it.
Looking inside the official modules, I have seen that they do not use templates in the admin scripts. Looking at /include/cp_header.php script, I see there is no include nor template initialization and management as in /header.php.
Could it be possible to add that feature? I mean, no need for blocks, no need for anything else than template initialization, so that one could do with these lines (as in module public scripts):
$xoopsOption['template_main'] = 'surveys_index.html';
oopsTpl->assign('lang_category', _SR_CATEGORY);
And so on...
Thanks in advance.
So, I am programming the control panel scripts that control my module options and contents (it's a multiquestion survey, by the way), and I have not been able to use templates in it.
Looking inside the official modules, I have seen that they do not use templates in the admin scripts. Looking at /include/cp_header.php script, I see there is no include nor template initialization and management as in /header.php.
Could it be possible to add that feature? I mean, no need for blocks, no need for anything else than template initialization, so that one could do with these lines (as in module public scripts):
$xoopsOption['template_main'] = 'surveys_index.html';
oopsTpl->assign('lang_category', _SR_CATEGORY);
And so on...
Thanks in advance.
Login
Search
Recent Posts
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Apr 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|