Understanding extract($args) and pnVarCleanFromInput :: Zikula Community

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

internetking created topic »password problem« 25. May
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
ehdwma created topic »Hide "Register new account" and change template to 3 col« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May
nestormateo responded to »Fillters in Clip« 24. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

Understanding extract($args) and pnVarCleanFromInput

Print topic

**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 13
Posted: Aug 21, 2006 - 08:07 AM

Developing a new module (and grateful for the Example mod as a guide), but I'm not sure I understand how the extract() function is/should be used.

As an example, in my pnadmin.php, the "main" function displays a table containing attorney names and Edit and Delete links that call an adminapi function are formatted using pnModURL, resulting in links such as index.php?module=attorneys&type=admin&func=modify&aid=1, where aid is the attorney id. In other words, no user input is involved.

In pnadminapi.php, after doing a security check for access, I thought it would be sufficient to only use extract($args) to obtain the 'aid' variable. Instead, the variable is not being created at all.

If I use
Code
$aid = pnVarCleanFromInput('aid');
the var is passed correctly. And, it also seems that this is an all around "safer" way of handling the data.

So why bother with extract()?

Just trying to come to an understanding of the best way to pass the data (and would love to know why extract() is having no effect). Thanks, in advance, for your help.
**unknown user**

Rank: Freshman

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 68
Posted: Aug 21, 2006 - 10:30 AM

pnVarCleanFromInput is a custom PN function that looks at all possible ways of submitting info to the server such as cookies, POST vars, etc. extract() is a PHP function the takes an array and exports the array's values to the current symbol table. In other words, if you had an array like myArray('value1'->1,'value2'->2) and you did an extract() on it, you would then have two stand alone variables like $value1 = 1 and $value2 = 2.

Basically, they are for totally different purposes. In adminapi.php, you're getting vars that are already in the PHP script but were passed to the API function as an argument. If you were in the admin.php page, you would probably us pnVarCleanFromInput to get vars from the remote client (a form input for example).
rgasch

Rank: Team Member

Registered: Jan 05, 2003

Last visit: May 28, 2010

Posts: 775
Posted: Aug 21, 2006 - 09:08 PM

Quote
So why bother with extract()?

1 simple answer: don't bother; it causes more trouble that it's worth.

The reason is simple: extract() takes your array and imports it into your current namespace (ie: it creates variables from you associative array indexes). The problem with this is that all of a sudden you have variables defined which can not be traced back to any declarative statement which means that at this point you can't tell from your code where a variable comes from (and whether it's a variable which really ought to be there or whether it's a typo).

When dealing with arrays containing arguments, use the following construct:

Code
$mykey = $myarray['mykey']

It's a bit more code but it clearly spells out where $mykey comes from which IMHO greatly enhances maintainability in the long term.

Greetings
R
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Aug 21, 2006 - 10:09 PM

The purpose of bringing in arguments that are passed to the function in addition to those passed via the URL is so that all PN functions can be called in a scripted fashion and not just through the web interface. For example I can write a custom PHP script run from the command line that might call parts of your module.

Another use of this functionality is the start page settings in .76x+ where you can set the default arguments for the start page. If you module doesn't utilise arguments passed to it then this functionality will be limited to just selecting your module as the start page.

-Mark

--
Visit My homepage and Zikula themes .
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Oct 21, 2009

Posts: 13
Posted: Aug 23, 2006 - 01:09 AM

Thanks for the responses guys.

Quote
The purpose of bringing in arguments that are passed to the function in addition to those passed via the URL is so that all PN functions can be called in a scripted fashion and not just through the web interface.

Mark,
Do I understand your comment to state that for purposes of greater flexibility (other developers being able to call and use my mod's functions), I should continue to include the extract($args) line in API functions (in addition to using pnVarCleanFromInput for those vars that are passed in the URL)?

Pretty sure I'm understanding this more clearly now -- appreciate the feedback.
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Aug 23, 2006 - 01:41 AM

Yes and no... You should continue to support arguments passed in as parameters to the function. However i'd recommend not using extract (we're removing it's usage from the core and associated modules...). This is because every single parameter passed into the function ends up as a variablle in the scope of your function with possibly unexpected results.

Rather than extract the args array just check for $args['your var'] and set this if required.

e.g.

Code
$myvar = pnVarCleanFromInput('myvar');
if (isset($args['myvar'])) {
$myvar = $args['myvar'];
}

We make the process a lot simpler in .8x with the object library where you can use

Code
$myvar = FormUtil::getPassedValue('myvar', isset($args['myvar']) ? $args['myvar'] : yourdefault);

-Mark

--
Visit My homepage and Zikula themes .
pnDev

Rank: Softmore

Registered: Jul 16, 2004

Last visit: Oct 21, 2009

Posts: 406
Posted: Feb 21, 2007 - 08:52 AM

Just a quick question, can you pass the $arg back in through pnModUrl

ie

return pnRedirect(pnModURL('Example', 'user', 'new', $args));

What Im' trying to do is validate form input if it fails, display the error message and reload the same values in the form and let them continue.

I have about 15 vars so instead of typing them all out in an assignment array, can above be done? DOesn't seem to be working for me.
kaffeeringe.de

Rank: Software Foundation

Registered: Sep 03, 2002

Last visit: May 09, 2010

Posts: 909
Posted: Feb 21, 2007 - 09:20 AM

You should really take a look at pnForms in .8 - That does all the validating, passing back and forth in a few lines of code. So if don't really depend on .7 compatibility you should switch.

--
best regards from Kiel, sailing city

Steffen Voss

Member of the Zikula Steering Committee
Read The Zikulan's Blog "If you want people to RTFM, make a better FM!"
pnDev

Rank: Softmore

Registered: Jul 16, 2004

Last visit: Oct 21, 2009

Posts: 406
Posted: Feb 21, 2007 - 04:31 PM

Ok, I will have to check that out ASAP. However for .7xx am I correct in assuming above would not work ?