questions about code - header_php.php & main_template_vars.php

**barricades** · 7 May 2012, 04:34 PM

Hello wonderful zencart community. I'm kind of trying to figure out how zen-cart works under the hood. I understand php mostly and things I can't work out I can google and understand but there's two things I can't figure out why they are like they are and I'd love it if someone could explain to me.

Qu 1
in header_php.php (and similar elsewhere) there is a SELECT statement which includes the line:
WHERE categories_id = :categoriesID";

I know the :categoriesID is a placeholder and that a couple of lines later there is:
$categories_products_query = $db->bindVars($categories_products_query, ':categoriesID', $current_category_id, 'integer');

My question is how come the SELECT doesn't just use:
WHERE categories_id =" . $current_category_id "; (or something like that) Surely it's exactly the same thing? Whats the reason?

Qu2
in main_template_vars.php $define_list is created like:

Code:

$define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL,  'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME,
  'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER,
  'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE,
  'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY,
  'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT,
  'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE);

then an array loops through and does:

Code:

$column_list = array();  foreach ($define_list as $key => $value)
  {
    if ($value > 0) $column_list[] = $key;
  }

How $column_list needs to be created this way? Could it not just be written out like the define_list in the first place?

I guess these are really stupid questions but I'm a learner driver and I just don't understand.

Thanks for any tips :)

**DrByte** · 7 May 2012, 08:18 PM

Q1 - It's done that way so that the bindvars() action can sanitize the inputs and prevent SQL injection security problems.

Q2 - It's done that way so that the $define_list can be re-used in multiple places, and also to prevent nesting the stuff all in one line of code, which would be harder to read. The $column_list is populated only when one of the $define_list constants (set via admin switches) is set to a zon-zero value. This allows the storeowner to configure certain columns to be on or off, or displayed in a given order, without having to touch the code.

**barricades** · 7 May 2012, 09:18 PM

Hi DrByte, thanks for the explanation, that all makes perfect sense now.

One more (possibly) silly question - going through the flow of how everything loads I see that in default_filter.php it checks for $column_list and $select_column_list, but as far as I can figure out they are only created in main_template_vars.php which seems to load after default_filter.php, I can't figure out under what circumstances they would be set in default_filter.php.

I'm being stupid? Right?

Thanks for taking the time to reply before by the way, very much appreciated :)