Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Difference in templates between TEXT and VARCHAR

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 1908 Views
  • dio5
    Avatar
    Community Member
    501 Posts

    Difference in templates between TEXT and VARCHAR Link to this post

    Hi,

    I noticed there must be some difference in the way SS treats variables of a different fieldtype in a template.

    In order to get working html out of a varchar variable, I have to use:

    $VarcharVariable.RAW

    otherwise it is 'htmlspecialcharred'...
    while with text it can just be

    $TextVariable

    and to have that one 'cleaned' I need to use

    $TextVariable.XML

    Any clues on this one..?

    I didn't expect this, couldn't find anything about this in http://doc.silverstripe.com/doku.php?id=data-types

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Difference in templates between TEXT and VARCHAR Link to this post

    If you plan on storing HTML in a varchar variable, use the field type HTMLVarchar instead.

    There is also an HTMLText variable that you should use. Text variables aren't escaped by default, but this is a bug in there for legacy reasons.

    In short, use the field types with the "HTML" prefix, this tells the template systems not to escape the data before putting it in the template.

  • dio5
    Avatar
    Community Member
    501 Posts

    Re: Difference in templates between TEXT and VARCHAR Link to this post

    Well,

    I wasn't planning on using HTML in them, just trying to crack it, see what would happen if I did and so I discovered the difference.

    I was planning to use the built-in pagecomments but change them so users could use (some) html in them. By default I see that Text is used there, so maybe I better change this to HTMLText.

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Difference in templates between TEXT and VARCHAR Link to this post

    That's right. You'll have to be careful not to allow cross-site scripting, of course! One thing that you could consider doing is making a new field type, called SafeHTMLText:

    class SafeHTMLText extends Text {
    function SafeHTML() {
    return some_processing_of($this->value);
    }
    }

    You can then make your Comment field of tpye SafeHTMLText, and in your template, put:

    $Comment.SafeHTML

    1908 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.