Implementing Province => City dependency

Tuesday 18 January 2011 8:39:55 am - 7 replies

Introduction

Hi everyone!

Since I notice that there are quite a few posts on this topic, I thought I should share with you how I implemented a form where one field depends on another. I will use the classic example where the user selects a province and is then limited to choosing only those cities that actually exist in that province.



Damien Pobel

Tuesday 18 January 2011 11:34:05 am

Hi Henrik,
First, thanks for the contribution; you're right, it's a quite common need. But your solution needs some fixes, at least for security and performance.
Security issue:
Your eZ JS Core server function is vulnerable to SQL injection because you don't escape parameters. In the eZ Publish API, it should be done with eZDB::escapeString():

<?php

class completeCityFunction extends ezjscServerFunctions
{
    public static function searchCities($args)
    {
        $db = eZDB::instance(); // & is useless in PHP5
        $http = eZHTTPTool::instance();

        // Both request values go through eZDB::escapeString() before they are put into the SQL text.
        $query = "select distinct(comune) from comuni
                  where comune like '" . $db->escapeString( trim( $http->getVariable( 'q' ) ) ) . "%'
                  and pid = '" . $db->escapeString( $http->getVariable( 'province' ) ) . "'";

        $result = $db->arrayQuery( $query );

        return $result;
    }
}

Performance

Your tables are missing some indexes. At least the table comuni is missing an index on the fields provincia and pid, which could be created with the following SQL query:

CREATE INDEX comuni_provincia_pid ON comuni (pid, comune)

Hope that helps. Cheers

Damien
Planet eZ Publish.fr : http://www.planet-ezpublish.fr
Certification : http://auth.ez.no/certification/verify/372448
Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish
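As an added illustration for the two points above (it is not code from this thread or from eZ Publish), here is the same city search written in Python against an in-memory SQLite database: the concatenated query beside a version that passes the request values as bound parameters, with the LIKE metacharacters escaped as well so a typed "%" cannot widen the match, plus an EXPLAIN QUERY PLAN check that the (pid, comune) index from the reply actually serves the query. The table layout follows the thread (columns comune and pid), the rows and province codes are constructed for the example, and bound parameters stand in for eZDB::escapeString() where the database layer supports them.

```python
import sqlite3

# Constructed sample data modelled on the thread's "comuni" table (columns comune and pid).
# The cities and province codes are made up for this example.
SAMPLE_ROWS = [
    ("Milano", "MI"),
    ("Monza", "MB"),
    ("Meda", "MB"),
    ("Mantova", "MN"),
    ("Moncalieri", "TO"),
    ("Torino", "TO"),
]

# Bound parameters plus an ESCAPE clause so a typed '%' or '_' is matched literally.
SAFE_QUERY = (
    "SELECT DISTINCT comune FROM comuni "
    "WHERE comune LIKE ? ESCAPE '\\' AND pid = ? ORDER BY comune"
)


def build_db():
    """In-memory SQLite database with the comuni table and the index proposed in the reply."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comuni (comune TEXT NOT NULL, pid TEXT NOT NULL)")
    conn.executemany("INSERT INTO comuni (comune, pid) VALUES (?, ?)", SAMPLE_ROWS)
    conn.execute("CREATE INDEX comuni_provincia_pid ON comuni (pid, comune)")
    return conn


def search_cities_unsafe(conn, prefix, province):
    """Same shape as the original function: the request values are pasted into the SQL text."""
    query = (
        "SELECT DISTINCT comune FROM comuni WHERE comune LIKE '" + prefix.strip() + "%' "
        "AND pid = '" + province + "' ORDER BY comune"
    )
    return [row[0] for row in conn.execute(query)]


def like_prefix(text):
    """Turn user text into a prefix pattern whose LIKE metacharacters are escaped with a backslash."""
    escaped = text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return escaped + "%"


def search_cities_safe(conn, prefix, province):
    """Values travel as bound parameters, so they are never parsed as SQL."""
    params = (like_prefix(prefix.strip()), province)
    return [row[0] for row in conn.execute(SAFE_QUERY, params)]


def uses_province_index(conn):
    """Check with EXPLAIN QUERY PLAN that the (pid, comune) index serves the safe query."""
    plan = conn.execute("EXPLAIN QUERY PLAN " + SAFE_QUERY, ("M%", "MB")).fetchall()
    # The last column of each plan row is the human-readable detail string.
    return any("comuni_provincia_pid" in row[-1] for row in plan)


def run_demo():
    """Exercise both variants on ordinary and on malformed input and return the observations."""
    conn = build_db()
    tautology = "MB' OR '1'='1"  # constructed: a province value that is also SQL text
    return {
        "normal_unsafe": search_cities_unsafe(conn, "M", "MB"),
        "normal_safe": search_cities_safe(conn, "M", "MB"),
        # The concatenated query treats the quote as SQL and loses the province filter.
        "tautology_unsafe": search_cities_unsafe(conn, "M", tautology),
        # The parameterized query compares pid with the whole string and finds nothing.
        "tautology_safe": search_cities_safe(conn, "M", tautology),
        # A bare '%' would match every city in the province without the ESCAPE clause.
        "wildcard_safe": search_cities_safe(conn, "%", "MB"),
        "index_used": uses_province_index(conn),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

On normal input both variants return the same two cities; on the constructed value containing a quote the concatenated query returns every row in the table while the parameterized one returns nothing, and the plan check confirms the composite index is picked up because the province equality is on its leading column.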

Henrik Gren

Tuesday 18 January 2011 12:43:15 pm

Thanks, Damien.

Remarks much appreciated!

Best Regards

Henrik

Nicolas Pastorino

Wednesday 19 January 2011 1:01:57 am

Excellent insight on integration of external tables!

Thanks for this contribution Henrik!

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

Tony Wood

Wednesday 26 January 2011 1:35:20 am

Nice article Henrik. We need more great articles like this that will attract more developers to see how great eZ Publish is.

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Marko Žmak

Wednesday 16 February 2011 7:14:42 am

Henrik, I believe that using a class that extends eZPersistentObject instead of calling a raw sql query, would be a better and more "eZ like" implementation.

But this could also be material for a complete new tutorial...

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Henrik Gren

Monday 21 February 2011 9:21:56 am

"Henrik, I believe that using a class that extends eZPersistentObject instead of calling a raw sql query, would be a better and more "eZ like" implementation.

But this could also be material for a complete new tutorial..."

Thank you Marko!

Also I would have much appreciated a walk-through example/tutorial on eZPersistentObject.

Anyone?

:)

Peter Keung

Monday 21 February 2011 9:57:26 am

Thiago wrote a good intro to eZPersistentObject here:

http://share.ez.no/learn/ez-publish/a-quick-and-friendly-introduction-to-ezpersistentobject

http://www.mugo.ca
Mugo Web, eZ Partner in Vancouver, Canada
