2009年4月29日星期三

Re: [fw-mvc] How do I customize the escape() function for HTML rendering?

On 29 Apr 2009, at 12:41, bentobenji wrote:

>
> Removing '$this->' from the data path did indeed work. However,
> someone
> gave me another the solution on another forum, which I will reveal
> below.
>
> In the interest of helping any other readers of the forum however,
> I'll give
> you the error message I was receiving to help clear it up. If I keep
> '$this' in the data path, I get this error:
>
> Catchable fatal error: Object of class Zend_Db_Table_Row could not be
> converted to string in
> /Users/me/Sites/njaimh-zf/application/views/scripts/index/
> index.phtml on
> line 15
>
> Like I said , saying '$text->content2;' insead of '$this->$text-
> >content2;'
> DOES work.

That's because you are referencing something different.

You assigned the result set of your database query, which is an
instance of Zend_Db_Table_Rowset to the view as a the variable called
"text" in your controller using $this->view->text = $text->fetchAll();

This means that within a view script, such as index.phtml, the
resultset is accessible as $this->text. This is because when you are
in the view script, $this is a reference to the view object.

Now, your foreach loop statement is: foreach($this->text as $text)
This line creates a local variable called $text which is an instance
of a Zend_Db_Table_Row. i.e. you have used the same variable name
"text" for two different types of object.

You'd be better to change your foreach to something like:

foreach($this->text as $row) :
if ($this->escape($row->page) == $this->escape($this->id)) {
$page_id = $row->escape($text->page);
$content1 = $row->escape($text->content1);
$content2 = $row->escape($text->content2);
}
endforeach;

This way it is clear that $this->text is the set of rows and $row is
the particular row you are operating on.

However, if you really want to just just get one row, then use
fetchRow() in your controller rather than fetchAll().


> I guess somehow that bypasses the view engine running off of the index
> controller but I don't know how.

No. It's nothing to do with that and everything to do with which
variable you are using.


> The other solution I got is just regular php. It's in the echo/print
> function:
>
> print html_entity_decode($content2);
>
> I guess I'll stick with this one since it apparently keeps the escape
> running, which is more secure I suppose.

It is pointless to encode and then decode.

Regards,

Rob...

--
Rob Allen
Zend Framework Tutorial: http://akrabat.com/zft
Author of Zend Framework in Action: http://www.zendframeworkinaction.com

发帖者 lazayworm 时间: 05:25

没有评论:

发表评论

订阅: 博文评论 (Atom)