The result is now:

UPDATE kmsortiment_st SET name='(?name)' , category='(?cat)
' ,
 typ='(?typ)' , base_price=30 , km_price=35 , box_size=20 ,
unit='(?u)' , group_unit='(?gu)' WHERE id=1

Another place where things are going to be escaped weirdly. There must
be a better way to do this.

What if we added a third argument to BOLTMfunction,

// Don't do this, use the next suggestion
BOLTMfunction($params, $zone='', $args='')

and joined the BOLTargs argument? We wouldn't need to parse the array
in BOLTcomm2func as a string, only to be parsed back as an array.

Alternately, BOLTargs would have to unescape. BUT in that case we
would have to force all inputs to BOLTargs to be escaped in the first
place, and I don't like the thought of sending escaped strings around
boltwire. Boltwire should always expect utf input to all functions.
Also, composing a string only to have it parsed into an array is a
strange thing to do. In this (and other cases, like memberships) I
think you should strive to order things in lists/arrays as soon as
possible.

If I may go into stingy mode, I actually don't like how much
BOLTMfunctions does anyway. It's a markup, it should take string input
and output something boltwire can use, not handle options. I strongly
suggest moving all logic out to a

// this, right here, is the proverbial shit.
BOLTfunction($function, $args, $field)

function. BOLTMfunction would be left taking a string, calling
BOLTargs, and passing the result to BOLTfunction. Other boltwire-
functions would then simply tap into BOLTfunction directly, without
risking problems with BOLTargs. Much prettier. The engine should never
have to call markup except on content.

The colossal amount of search and replace going on in the engine isn't
optimal anyway. Let's do without. Faster, prettier, less bug prone IS
the way to go.

On Sep 22, 8:47 pm, The Editor <[email protected]> wrote:
> On Tue, Sep 22, 2009 at 1:58 PM, DrunkenMonk <[email protected]> wrote:
>
> > On Sep 22, 5:14 pm, The Editor <[email protected]> wrote:
> >> What version are you using? If you recall I reworked the comm2func
> >> function in a recent release to handle this better, but don't see it
> >> documented, so perhaps it was more recent. (I'm thinking it was 3.14).
> >>  Anyway check to see if you have this line in your comm2func function:
>
> >>                 foreach($args as $f => $v) $value .= "$f='" . str_replace(Array("'", '"'), Array('&#39;', '&#34;'), $v) . "' ";
>
> > I couldn't see this, so I upgraded to 3.15 from 3.14
> > Didn't help, and I still can't find the "str_replace" part.
>
> > Are you sure you included it in the release?
>
> No, it could be just on mine. It will be in the next one though. It is
> in engine.php, line 453, replace a very similar line with the
> following:
>
>                 foreach($args as $f => $v) $value .= "$f='" . str_replace(Array("'", '"'), Array('&#39;', '&#34;'), $v) . "' ";
>
> It just escapes any parameters in a form value from messing up the
> parsing of the arg array...  I had problems with the rss plugin. Guess
> it has been since the last release.  Must be why it wasn't documented!
>  :)
>
> > Yeah... I have full mysql functionality, essentially the mysql command
> > line accessible via boltwire. I don't want to dumb that down when the
> > function-version works perfectly fine.
> > In fact, I currently have an easier time formatting output with mysql
> > than with templates. Especially given mysql's inbuilt math functions.
>
> > Once we get this string-escape fixed I'll show you how simple and
> > powerful my solution is to use. I'm sure you'll see it my way.
>
> I am excited. Now that I think about it, you are no doubt right. It
> would be better to have full msql functionality. That probably is how
> I would have done it after thinking about it a bit more. Not sure how
> you have handled security though. A simple dumbed down peek function
> and poke command might be useful, with the full query function
> available perhaps to admins or something. Otherwise, how are you going
> to limit the queries?  Pardon my ignorance of msql. Haven't looked
> into it much. Just thinking out loud. It would be nice to have a
> simple security interface with BoltWire, but that may not be possible.
>
> Cheers,
> Dan
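
The array-to-string-to-array round trip discussed in this thread, next to passing the array directly, as an added example that is not part of the original messages or BoltWire's code. The function names are hypothetical stand-ins, and the key='value' grammar and sample values are assumptions made for the illustration.

```php
<?php
// Added illustration. Function names are hypothetical stand-ins, not
// BoltWire's BOLTargs / BOLTcomm2func / BOLTfunction.

// Serialise args to key='value' text. With $escape, quotes are replaced
// as in the str_replace line quoted in this thread.
function args_to_string(array $args, bool $escape): string {
    $value = '';
    foreach ($args as $f => $v) {
        if ($escape) $v = str_replace(array("'", '"'), array('&#39;', '&#34;'), $v);
        $value .= "$f='" . $v . "' ";
    }
    return $value;
}

// Minimal key='value' parser (assumed grammar, for illustration only).
function string_to_args(string $s): array {
    $out = array();
    preg_match_all("/(\\w+)='([^']*)'/", $s, $m, PREG_SET_ORDER);
    foreach ($m as $pair) $out[$pair[1]] = $pair[2];
    return $out;
}

// What the receiver must do to get the original text back.
function unescape_args(array $args): array {
    return array_map(function ($v) {
        return html_entity_decode($v, ENT_QUOTES);
    }, $args);
}

// Direct dispatch: the array stays an array, nothing to escape or parse.
function call_with_args(callable $function, array $args) {
    return call_user_func($function, $args);
}

// Constructed sample values.
$quoted  = array('name' => "O'Brien's \"best\"", 'unit' => 'kg');
$literal = array('name' => 'shows &#39; as text', 'unit' => 'kg');
$echo    = function (array $a) { return $a; };
$trip    = function (array $a, bool $esc) { return string_to_args(args_to_string($a, $esc)); };

$cases = array(
    'string, unescaped'               => $trip($quoted, false) === $quoted,
    'string, escaped, not decoded'    => $trip($quoted, true) === $quoted,
    'string, escaped, decoded'        => unescape_args($trip($quoted, true)) === $quoted,
    'same, value holding "&#39;"'     => unescape_args($trip($literal, true)) === $literal,
    'array passed directly'           => call_with_args($echo, $literal) === $literal,
);
foreach ($cases as $label => $ok) printf("%-30s %s\n", $label, $ok ? 'intact' : 'changed');
```

Only the decoded round trip of the quoted value and the direct array call hand back the input unchanged. A value that already contains the text &#39; is altered by the decode step, because the escaping replaces quotes but not the ampersand.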