cotonti.com : Inserting data into the database https://www.cotonti.com Latest posts in topic Cotonti en Sat, 28 Feb 2026 11:36:39 -0000

lukgoh Yeah it is using its own tables. Awesome, this looks very useful! Thank you GHengeveld. I'll post here if I need any more help.

Thu, 12 Jan 2012 17:54:58 -0000
GHengeveld If you intend to build something that uses its own database table such as a custom module, you might want to consider using SimpleORM. It's a bit more complex but will save a lot of development time.

Thu, 12 Jan 2012 16:16:26 -0000
lukgoh Thank you guys! 

Thu, 12 Jan 2012 11:34:12 -0000
GHengeveld Dyllon is correct. This is the syntax for Siena. For Genoa you'll need to do sed_sql_prep() on strings and cast numbers to int or float.

You can use extrafields to add the fields to the database table and then use regular queries like this to insert/update/select/delete etc. However, extrafields is only available for users, pages and structure.

Thu, 12 Jan 2012 11:25:32 -0000
Dyllon The safest way I'm aware of is by defining what the variable contains when inserting, or updating it to your sql table. You can accomplish that by doing something like this:

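$variable_int = 0;
$variable_string = 'string';

// Each array key is a column name; the keys must differ, or the second entry overwrites the first
$db->insert($db_table_name, array(
	'string_field_name' => (string) $variable_string,
	'int_field_name' => (int) $variable_int
));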
Thu, 12 Jan 2012 04:39:15 -0000
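
Added example, not part of the thread and not Cotonti's own code: the cast-then-insert pattern from the post above, run against constructed form input. Plain PDO with an in-memory SQLite database (requires the pdo_sqlite extension) stands in for Cotonti's `$db` object; `demo_insert`, the `demo_entries` table, its columns and the form values are hypothetical.

```php
<?php
// Stand-in for Cotonti's $db: plain PDO on in-memory SQLite (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_entries (entry_title TEXT NOT NULL, entry_count INTEGER NOT NULL)');

/**
 * Insert one row. Column names come from code; values are bound as
 * parameters, so they are never parsed as SQL.
 */
function demo_insert(PDO $pdo, string $table, array $data): int
{
    // Identifiers cannot be bound, so accept only simple names.
    foreach (array_merge([$table], array_keys($data)) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Bad identifier: $name");
        }
    }
    $cols  = implode(', ', array_keys($data));
    $marks = implode(', ', array_fill(0, count($data), '?'));
    $stmt  = $pdo->prepare("INSERT INTO $table ($cols) VALUES ($marks)");
    $i = 1;
    foreach ($data as $value) {
        // Bind integers as integers, everything else as a string.
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i++, $value, $type);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed form input; real $_POST values always arrive as strings.
$post = [
    'title' => "x'); DROP TABLE demo_entries; --",
    'count' => '7 OR 1=1',
];

demo_insert($pdo, 'demo_entries', [
    'entry_title' => (string) $post['title'],
    'entry_count' => (int) $post['count'],   // the cast keeps only the leading 7
]);

// The title is stored as literal text and the table still exists.
$row = $pdo->query('SELECT entry_title, entry_count FROM demo_entries')->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

The cast alone only protects the numeric field; the string field is safe here because it is bound as a parameter rather than concatenated into the query.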
lukgoh Thank you Dave, I appreciate your effort to help me. I am pretty sure that the user extrafields use the same functions as other core queries so I guess I can work it out from those.

Thu, 12 Jan 2012 00:55:14 -0000
Dave My small conclusion: I can't answer your question, but I'm almost sure (without knowing the code) that Cotonti / user_extra won't allow any SQL in the form; that's how I'd design it and probably how the Cot devs did it.

Forgive me my English, it's weak sometimes :)

Thu, 12 Jan 2012 00:50:02 -0000
lukgoh I was wondering if Cotonti had a function I needed to use to check the data being inputted, to stop any possible SQL injections from the form? I didn't think of using the user extrafields, but in the interest of learning I would still like an answer to this question.

Luke.

Wed, 11 Jan 2012 18:30:13 -0000
Dave I'm not sure if I understand you correctly, but why not use user extrafields?

Wed, 11 Jan 2012 18:19:48 -0000
lukgoh I'm new to extension development and I was wondering what the safest way is to insert user data into the database. 

I have a form for users to fill out and I was just curious about SQL injections.

Luke.

Wed, 11 Jan 2012 11:09:54 -0000