Securing Drupal Node Field Values

Introduction to Node Field Values

When using Drupal input formats with Filtered HTML enabled, the text gets passed through a variety of functions which sanitize the user input. The HTML filter removes harmful content such as iframes, JavaScript and inline CSS. By default, Drupal stores the raw value in the database so that developers have fine control over how they want to output that variable. This blog article talks about the difference between the value, safe, and view variables and best practices for saving and outputting safe node values.

Drupal Variables Explained

Let's jump right in to it! If you look at a full node within your template you will notice that all of the text fields have three variables attached to them:

1. $node->field_my_field_name[0]["value"];
2. $node->field_my_field_name[0]["safe"];
3. $node->field_my_field_name[0]["view"];

The difference between the three is very simple, but critical when deciding which one to use when saving and outputting your Drupal field values.

* Value: Contains the raw user input exactly as it was typed and stored, with no filtering applied. Use this variable when you want to show exactly what you or a user has entered.
* Safe: Contains filtered text that has been run through Drupal's input format. If this is a text area, the format can be chosen. If it's a textfield, the default input format will be used. As a developer you should use this variable when rendering a user-contributed field.
* View: This variable contains the value, formatted based on what was defined in the Display Fields settings for that content type. Use this variable when you want to use the default view for a particular field (like files, etc.).

Loading a node with the 'safe' variables

One thing we have to keep in mind is that the safe variables are only generated upon the "view" operation of hook_nodeapi(). This means that node_invoke_nodeapi($node, 'view', $teaser, $page); needs to be called after you load the node. In other words, if you need the safe variables after calling node_load() you need to call node_build_content(), which will remove the teaser delimiter and also call node_invoke_nodeapi() for the view operation.

Here is an example:

<?php
// Load the node; at this point only 'value' is populated on the field items.
$node = node_load(12);
// Run the 'view' nodeapi operation so each field item gains its 'safe' variable.
$node = node_build_content($node);
// Output the filtered text, never the raw 'value'.
echo $node->field_my_field_name[0]["safe"];
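The vulnerable and hardened patterns side by side, as an added example that is not part of the original article. It assumes a Drupal 6 site with a hypothetical CCK text field field_body_extra and a hypothetical mymodule_ prefix; the Drupal functions used (node_load, node_build_content, check_markup) are the core ones the article describes.

```php
<?php
// Added example, not from the original article. Assumes a Drupal 6 site with
// a CCK text field named field_body_extra (hypothetical) on the node being shown.

// Vulnerable pattern: echoing the raw 'value' in a template sends whatever the
// user typed straight to the browser, so a stored <script> tag or an
// onerror= attribute in that field is rendered as-is.
function mymodule_unsafe_output($node) {
  return $node->field_body_extra[0]['value'];   // never print this in a template
}

// Hardened pattern: make sure the 'safe' variable exists, then return only that.
function mymodule_field_safe($nid, $field_name, $delta = 0) {
  $node = node_load($nid);
  if (!$node) {
    return '';
  }
  // 'safe' is only populated by the 'view' nodeapi operation, which
  // node_build_content() triggers; a bare node_load() leaves it unset.
  if (!isset($node->{$field_name}[$delta]['safe'])) {
    $node = node_build_content($node);
  }
  $item = isset($node->{$field_name}[$delta]) ? $node->{$field_name}[$delta] : array();
  if (isset($item['safe'])) {
    return $item['safe'];
  }
  // Defensive fallback if the field module did not supply 'safe': run the
  // stored value through the item's input format (or the site default)
  // rather than returning it raw.
  if (isset($item['value'])) {
    $format = isset($item['format']) ? $item['format'] : FILTER_FORMAT_DEFAULT;
    return check_markup($item['value'], $format);
  }
  return '';
}

// Usage inside node.tpl.php (hypothetical field name):
// print mymodule_field_safe($node->nid, 'field_body_extra');
```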

For more information: http://www.designzillas.com/services/cms-solutions
