Data and parameters in vanilla popup form
Hi,
I have some questions.
First question:
I have a popup form created by Vanilla with a textarea.
When I save the textarea value, do I need to sanitize it?
Second question:
In the DiscussionController_AuthorInfo_Handler I create the link to open the popup window like this:
Anchor(T('evaluate'), "discussion/evaluate/{$UserID}/{$Email}", 'Evaluate Popup');
Is passing the user email as a parameter the only way to get it to my event (DiscussionController_Evaluate_Create)?
I don't like passing the user email as a parameter, and I don't like selecting the user email from the database by user ID.
Can I save the user email in the user session and then remove it? Or save it in a global variable?
Thanks.
Best Answers
R_J Admin
You can use the function "stash" from the session class: https://github.com/vanilla/vanilla/blob/master/library/core/class.session.php#L609
But in almost all cases when a UserID is passed as a parameter, you have to do some kind of sanity checks. So if getting the user info and verifying some permissions is already what you need to do, you could easily get the user's mail address "from db". If you use userModel->getID(), the user info is taken from the cache, anyway.
If you use pure SQL to save to db, you have to sanitize the data. If you use Vanilla's model class, you do not need to.
You should always sanitize output, though.
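The approach described in this answer, as an added example that is not part of the original posts or of Vanilla's own code: the link carries only the user ID, the handler sanity-checks it, reads the email server-side through userModel->getID(), saves through a model, and escapes on output. The plugin class, the Evaluation table, the Body field, the permission and the view name are assumptions.

```php
<?php
// Added example; EvaluatePlugin, the Evaluation table, the 'Body' field,
// the permission and the 'evaluate' view are assumptions for illustration.
class EvaluatePlugin extends Gdn_Plugin {

    // Serves discussion/evaluate/{UserID}. The email is not part of the URL.
    public function discussionController_evaluate_create($sender) {
        // Require a signed-in user before doing anything else.
        $sender->permission('Garden.SignIn.Allow');

        // Sanity check: the parameter must be all digits.
        $raw = (string)val(0, $sender->RequestArgs, '');
        if (!ctype_digit($raw)) {
            throw notFoundException('User');
        }

        // Server-side lookup; getID() serves the record from cache when it can.
        $user = Gdn::userModel()->getID((int)$raw);
        if (!$user) {
            throw notFoundException('User');
        }
        // Available for server-side use only; it never passes through the browser.
        $email = val('Email', $user);

        $sender->Form = new Gdn_Form();
        if ($sender->Form->authenticatedPostBack()) {
            // Store the textarea value as typed; the model builds the query,
            // so no manual SQL escaping happens here.
            $model = new Gdn_Model('Evaluation');
            $model->save([
                'UserID' => (int)$raw,
                'Body' => $sender->Form->getFormValue('Body'),
            ]);
        }

        // Escape when the value is written into HTML, not when it is stored.
        $sender->setData('SafeName', htmlspecialchars(val('Name', $user), ENT_QUOTES, 'UTF-8'));
        $sender->render('evaluate', '', 'plugins/Evaluate');
    }
}
```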
Answers
Does this "stash" function save values in the db? Not in memory?
My fault: you wanted to not use the memory, correct? As you can see from the code: https://github.com/vanilla/vanilla/blob/master/library/core/class.session.php#L631 it uses the db.
I really would recommend using the framework's benefits. In this case it would be the cached user from userModel->getID()
No @R_J, it's my fault for not being able to explain well.
I wanted to use the session and save the value in memory, and after getting it, remove the value to clean the memory. Saving and cleaning a small value in the session (memory) is less costly than opening and closing the connection to the db.
I'm more used to programming in Java, and Java keeps the session in memory.
But I want to get another user's email, not the logged-in session user's. I think that value will not be cached.
Another solution could be to use ajax.
I'm trying to see all the possibilities of the Vanilla framework and play with it.
I have another question.
How can I redirect from my method to the end of the discussion with refreshing the page? With the popup window I save the comment and I want to show it.
You are looking to use the Gdn_Controller::jsonTarget() method. E.g.
$this->jsonTarget('#DOM_Selector', '<markup>Will be appended</markup>', 'Append');
The other methods available are here:
https://github.com/vanilla/vanilla/blob/c5b8153ec40e396493a47fca1e0bb7433cf6cd7b/js/global.js#L490-L543