I am working on a custom extension/special page for the first time. I am trying to create a simple page that queries the database and display the result on the page. I got the following code that does that:
class SpecialBuildRating extends SpecialPage {
function __construct() {
parent::__construct( 'BuildRating' );
}
function execute( $par ) {
if(isset($_GET['id'])){
$buildId = $_GET['id'];
$db = wfGetDB( DB_SLAVE );
$res = $db->select(
'build_rating',
array('article_id', 'user_id', 'vote', 'comment', 'date'),
'article_id = 1485', //BuildId instead of 1485
__METHOD__,
array( 'ORDER BY' => 'date ASC' )
);
}
$request = $this->getRequest();
$output = $this->getOutput();
$this->setHeaders();
# Get request data from, e.g.
$param = $request->getText( 'param' );
# Do stuff
# ...
$wikitext = 'Hello world!';
$output->addWikiText( $wikitext );
$outP = '<table style="width:100%">
<tr>
<td>article_id</td>
<td>user_id</td>
<td>vote</td>
<td>comment</td>
<td>date</td>
</tr>
';
if ($res != null) {
foreach( $res as $row ) {
$outP .= '<td>' . $row->article_id . '</td><td>' . $row->user_id . '</td><td>' . $row->vote . '</td><td>' . $row->comment . '</td><td>' . $row->date . '</td>';
}
}
$output->addWikiText( $outP );
}
}
How do I pass the $buildId
to the WHERE
statement instead of 1485
in a safe way that prevents injection?
Another question that I have that isn't really an issue is the $output->addWikiText($var);
output call, is there any easier/more effective way to do it?
$res = $db->select(
'build_rating',
array('article_id', 'user_id', 'vote', 'comment', 'date'),
array( 'article_id' => $buildId ),
__METHOD__,
array( 'ORDER BY' => 'date ASC' )
);
See https://www.mediawiki.org/wiki/Manual:Database_access for details.
As of outputting, use $output->addHTML()
, however in that case you're responsible yourself for preventing XSS .
Another point, in MediaWiki it's recommended to use $this->getRequest()->getInt( 'name', $defaultValue )
instead of accessing request globals directly.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.