stackoom
  简体   繁体   中英

How to query database in MediaWiki?

 原文  2015-06-24 23:02:41       php/ mediawiki/ mediawiki-extensions

Question

I am working on a custom extension/special page for the first time. I am trying to create a simple page that queries the database and display the result on the page. I got the following code that does that:

class SpecialBuildRating extends SpecialPage {

function __construct() {
    parent::__construct( 'BuildRating' );
}

function execute( $par ) {

    if(isset($_GET['id'])){

        $buildId = $_GET['id'];

        $db = wfGetDB( DB_SLAVE );

        $res = $db->select(
            'build_rating',
            array('article_id', 'user_id', 'vote', 'comment', 'date'),
            'article_id = 1485', //BuildId instead of 1485
            __METHOD__,
            array( 'ORDER BY' => 'date ASC' )
        );
    }

    $request = $this->getRequest();
    $output = $this->getOutput();
    $this->setHeaders();

    # Get request data from, e.g.
    $param = $request->getText( 'param' );

    # Do stuff
    # ...
    $wikitext = 'Hello world!';
    $output->addWikiText( $wikitext );

    $outP = '<table style="width:100%">
                <tr>
                    <td>article_id</td>
                    <td>user_id</td>
                    <td>vote</td>
                    <td>comment</td>
                    <td>date</td>
                </tr>
            ';

    if ($res != null) {
        foreach( $res as $row ) {
            $outP .= '<td>' . $row->article_id . '</td><td>' . $row->user_id . '</td><td>' . $row->vote . '</td><td>' . $row->comment . '</td><td>' . $row->date . '</td>';
        }
    }

    $output->addWikiText( $outP );
    }
}

How do I pass the $buildId to the WHERE statement instead of 1485 in a safe way that prevents injection?

Another question that I have that isn't really an issue is the $output->addWikiText($var); output call, is there any easier/more effective way to do it?

1 answers

solution1
 2  2015-06-25 02:44:37

$res = $db->select(
    'build_rating',
    array('article_id', 'user_id', 'vote', 'comment', 'date'),
    array( 'article_id' => $buildId ),
    __METHOD__,
    array( 'ORDER BY' => 'date ASC' )
);

See https://www.mediawiki.org/wiki/Manual:Database_access for details.

As of outputting, use $output->addHTML() , however in that case you're responsible yourself for preventing XSS .

Another point, in MediaWiki it's recommended to use $this->getRequest()->getInt( 'name', $defaultValue ) instead of accessing request globals directly.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to connect Mediawiki to a custom user-database? How to add extensions in Mediawiki? How to change my Heroku + MediaWiki database from clearDB one to a local DB Mediawiki search external database - prepend hook Determining MediaWiki version from the database only Extract compressed text from MediaWiki database with PHP Cant find the database driver for MediaWiki during installing How to change MediaWiki session time? MediaWiki: How to extend user class? how to create Short Url in Mediawiki?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM