cotonti.com : Inserting data into the database https://www.cotonti.com Laatste forum onderwerpen Cotonti en Wed, 15 Apr 2026 03:55:30 -0000 lukgoh Yeah it is using its own tables. Awesome, this looks very useful! Thank you GHengeveld. I'll post here if I need any more help. 

]]> Thu, 12 Jan 2012 17:54:58 -0000 GHengeveld If you intend to build something that uses it's own database table such as a custom module, you might want to consider using SimpleORM. It's a bit more complex but will save a lot of development time.

]]> Thu, 12 Jan 2012 16:16:26 -0000 lukgoh Thank you guys! 

]]> Thu, 12 Jan 2012 11:34:12 -0000 GHengeveld Dyllon is correct. This is the syntax for Siena. For Genoa you'll need to do sed_sql_prep() on strings and cast numbers to int or float.

You can use extrafields to add the fields to the database table and then use regular queries like this to insert/update/select/delete etc. However, extrafields is only available for users, pages and structure.

]]> Thu, 12 Jan 2012 11:25:32 -0000 Dyllon The safest way I'm aware of is by defining what the variable contains when inserting, or updating it to your sql table. You can accomplish that by doing something like this:

$variable_int = 0;
$variable_string = 'string';

$db->insert($db_table_name, array(
	'field_name' => (string) $variable_string,
	'field_name' => (int) $variable_int
));
]]> Thu, 12 Jan 2012 04:39:15 -0000 lukgoh Thank you Dave, I appreciate your effort to help me. I am pretty sure that the user extrafields use the same functions as other core queries so I guess I can work it out from those.

]]> Thu, 12 Jan 2012 00:55:14 -0000 Dave my small conclusion: i cant answer u @ ur question but im almoust sure (without knowing code) that cotonti / user_extra wont allow any SQL in the form, thats how i'd design it and probably how cot devs did it

forgive me my english, its weak sometimes :)

]]> Thu, 12 Jan 2012 00:50:02 -0000 lukgoh I was wondering if Cotonti had a function I needed to use to check the data being inputed, to stop any possible SQL injections from the form? I didn't think of using the user extrafields, but in the interest of learning I would still like an awnser to this question.

Luke.

]]> Wo, 11 Jan 2012 18:30:13 -0000 Dave im not sure if i understand u correct but why not use user extrafields ?

]]> Wo, 11 Jan 2012 18:19:48 -0000 lukgoh I'm new to extension development and I was wondering what the safest way is to insert user data into the database. 

I have a form for users to fill out and I was just curious about SQL injections.

Luke.

]]> Wo, 11 Jan 2012 11:09:54 -0000