tapestry methods and when to use them in modifications

Submitted by SteveC on Mon, 2007-06-04 19:39

Hi,

As the code is uncommented, it would be extremely helpful (to anyone trying to modify the scripts to their own ends) to know what the built-in methods were originally meant for. Could someone shed some light on the following:

i.e. what job were they meant to do / why and where should I be using them;

database_safe()

tapestry_normalise()

tapestry_search()

tapestry_hyphenate()

Many thanks, Steve.

Submitted by support on Tue, 2007-06-05 09:25

Hi Steve,

These functions should be used as follows;

database_safe()
Use this whenever you construct an SQL statement from untrusted input - whether it is data from a feed, or user input from a form. It makes sure that any characters that could "break" the SQL are properly escaped. For example, instead of:

$sql = "SELECT * FROM products WHERE name='".$product["name"]."'";

...you should use:
$sql = "SELECT * FROM products WHERE name='".database_safe($product["name"])."'";

tapestry_normalise()
This function removes dangerous characters from most fields from feeds as they are imported, and replaces hyphens (which may exist in product model numbers for example) with spaces to avoid conflict with search engine friendly URLs. Characters include control characters, tabs, carriage returns, line-feed etc. - all of which can be found in feed data.

tapestry_search()
This function removes spaces from the input parameter. It is used during import against the product name field to create the "search_name" field in the database. Then when a user enters a search term that is less than 4 characters, the query is again passed through this function and then the SQL is generated to compare it against the "search_name" field. This search method is more or less redundant now as most queries use the MySQL FULL TEXT index, but before this was implemented this method was used for all queries.

tapestry_hyphenate()
This function generates a version of the input parameter in which all spaces are converted to the "-" character. It is used to generate the search engine friendly URLs when using the rewrite option. You would only really need to use this if you were creating new search engine friendly pages for additional fields that you have added to your database, in which case you would need to copy the way the rules work for one of the existing rewrites in .htaccess. The inverse of this function is carried out by tapestry_normalise(), which converts hyphens back into spaces.

Hope this helps!
Cheers,
David.
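
The effect of the two statements in the database_safe() section above, as an added example that is not part of the original posts or the project's code. `database_safe_demo()` and `find_product()` are hypothetical stand-ins (the real database_safe() body is not shown in the thread), and an in-memory SQLite database replaces MySQL so the script runs offline; SQLite escapes an apostrophe by doubling it, whereas MySQL escaping normally uses a backslash.

```php
<?php
// Added example: database_safe_demo() is a hypothetical stand-in for the
// project's database_safe(). Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (name TEXT, price REAL)");
$db->exec("INSERT INTO products VALUES ('Men''s Watch', 49.99)");

// PDO::quote() escapes for the connected driver and adds surrounding quotes;
// strip those so the call site keeps the thread's name='...' pattern.
function database_safe_demo(PDO $db, string $text): string
{
    return substr($db->quote($text), 1, -1);
}

// Run a statement and report either the row count or the driver error.
function find_product(PDO $db, string $sql): string
{
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "query failed: " . $e->getMessage();
    }
}

// Constructed feed record: an ordinary apostrophe is enough to end the
// string literal early and change how the statement is parsed.
$product = ["name" => "Men's Watch"];

// First form from the thread: feed value concatenated as-is.
$unsafe = "SELECT * FROM products WHERE name='" . $product["name"] . "'";

// Second form from the thread: value escaped before concatenation.
$safe = "SELECT * FROM products WHERE name='"
      . database_safe_demo($db, $product["name"]) . "'";

echo $unsafe, "\n  -> ", find_product($db, $unsafe), "\n";
echo $safe, "\n  -> ", find_product($db, $safe), "\n";
```

The first statement fails to parse because the apostrophe from the feed closes the quoted value; the second matches the stored row.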

Submitted by SteveC on Tue, 2007-06-05 11:32

Many thanks David - that's exactly what I needed. This might be a good thread to 'collect' this info?

Could you add something for urlencode()?

Cheers, Steve.

Submitted by support on Tue, 2007-06-05 11:40

Hi Steve,

urlencode() is a built-in PHP function that is used in place of tapestry_hyphenate() when not using search engine friendly URLs. It automatically encodes any characters that are not safe within a URL into their entity equivalents so that they don't break anything - in particular the sitemap and product links etc.

Cheers,
David.