During the development of AnQiCMS templates, we often need to combine different text fragments, numerical information, and even system variables to form a complete output content, such as building dynamic links, displaying formatted data, or generating user-friendly prompt information.This process involves concatenating string and numeric variables, and how to safely and efficiently complete this operation is an indispensable part in template development.AnQiCMS powerful template engine provides a variety of flexible mechanisms to support these needs.
AnQiCMS's template engine syntax is similar to Django, variable output uses double curly braces{{ 变量名 }}While control logic such as conditional judgment and loop uses single curly braces and percent signs{% 标签 %}。Understanding this basic syntax is the first step in efficient template development.
Basic variable output and automatic escaping in templates.
In AnQiCMS templates, when we use{{ 变量名 }}When outputting variables, the system defaults to 'auto-escaping'. This means that special characters such as HTML tags and JavaScript code will be converted to safe entity characters, for example,<Will become<,>Will become>.This mechanism is a built-in security measure of AnQiCMS template engine, designed to effectively prevent cross-site scripting attacks (XSS), ensuring that your website content is not damaged by maliciously injected code when displayed.
Therefore, unless you have a clear reason and are one hundred percent certain of the content's safety, it is usually not necessary to perform additional manual escaping operations.In most cases, you can directly output the variable.
Safely concatenate strings and numbers
AnQiCMS provides multiple ways to concatenate strings and numbers, let's understand them one by one.
1. UseaddFilter for simple concatenation
The most direct and commonly used concatenation method is to useaddFilter.This filter is very intelligent, able to handle various types of variables, whether it is to add strings with strings, numbers with strings, or numbers with numbers, it will try to perform reasonable conversion and concatenation.
Usage: {{ 变量1|add:变量2 }}
Example:Suppose we have an article IDarchive.Idis a number100, article titlearchive.Titleis a string"AnQiCMS模板教程".
String concatenation with numbers:If we want to display "article ID: 100", we can write it like this directly:
{{ "文章ID: "|add:archive.Id }} {# 输出: 文章ID: 100 #}Here, the filter will automatically convert numbers
100to strings before concatenating with the preceding text.String concatenation:If you need to concatenate two strings, for example, to combine a filename:
{{ "header"|add:".html" }} {# 输出: header.html #}Add numbers to numbers:Of course,
addThe filter also supports pure numeric addition operations, for example, calculating the sum:{% set price = 50 %} {% set quantity = 2 %} {{ price|add:quantity }} {# 输出: 52 #}
addThe filter will ignore the content that cannot be added during automatic conversion, which increases its fault tolerance, but it also means that we need to ensure that the variables being concatenated meet the expectations.
2. UtilizestringformatFilter performs refined format output
When you need more complex formatting, such as inserting multiple variables in a text, or formatting numbers in a specific way (such as retaining decimal places),stringformatThe filter is your powerful assistant. It is similar toprintforsprintffunction.
Usage: {{ "格式字符串"|stringformat:变量1, 变量2, ... }}
Placeholders can be used in formatted strings:
%s: String placeholder%d: Integer placeholder%.2f: Floating-point placeholder (.2Represents retaining two decimal places)%v: Default format output, usually used for complex types or uncertain types
Example:Suppose we havearchive.Titleresponse for"AnQiCMS模板指南",archive.Viewsresponse for1234,archive.Priceresponse for99.95.
Combine multiple variable text:
{{ "文章标题:%s,浏览量:%d 次。"|stringformat:archive.Title, archive.Views }} {# 输出: 文章标题:AnQiCMS模板指南,浏览量:1234 次。 #}Format numeric output:If we want to format the price to two decimal places:
{{ "商品价格:%.2f 元"|stringformat:archive.Price }} {# 输出: 商品价格:99.95 元 #}Mixing multiple formats:
{{ "商品名称:%s,价格:%.2f 元,已售出:%d 件"|stringformat:archive.Title, archive.Price, archive.Views }} {# 输出: 商品名称:AnQiCMS模板指南,价格:99.95 元,已售出:1234 件 #}stringformatProvides powerful output control capabilities, making your data display more standardized and beautiful.
3. Notes on handling numeric variables
Although AnQiCMS template engine can intelligently handle variable types in most cases, it is a good habit to explicitly perform type conversion before complex numerical calculations, especially when variables come from user input or external data sources and their types may be uncertain.
Direct Arithmetic Operations:In
{{ }}auto, You can directly perform basic arithmetic operations on numeric variables:{% set num1 = 10 %} {% set num2 = 5 %} {{ num1 + num2 }} {# 加法 #} {{ num1 - num2 }} {# 减法 #} {{ num1 * num2 }} {# 乘法 #} {{ num1 / num2 }} {# 除法 #} {# 输出: 15, 5, 50, 2 #}Here, if
num1ornum2is a string that can be converted to a number (for example)"10"), The template engine usually handles it correctly.Explicit type conversion:
integerandfloatFilter:If a variable may be a string representation of a number, but you need to ensure it is a number type before operation, you can useintegerorfloatFilter:{% set str_num = "123" %} {{ str_num|integer|add:45 }} {# 输出: 168 #} {% set str_price = "99.99" %} {{ str_price|float|stringformat:"%.1f" }} {# 输出: 99.9 #}These filters return if the conversion fails
0or0.0Therefore, error handling needs to be considered in practical applications.Timestamp to date string conversion:
stampToDateTags:AnQiCMS中的时间戳通常是数字类型。要将其转换为可读的日期字符串,可以使用 EnglishstampToDateTags:{{ stampToDate(archive.CreatedTime, "2006-01-02 15:04") }} {# 将10位时间戳格式化为 "年-月-日 时:分" 格式 #}Here are the
"2006-01-02 15:04"是Go语言特有的日期格式化基准时间,代表 English2006年1月2日15点04分Through it to define the output date format.
Safety considerations in practice
Again, emphasize that the automatic escaping function of AnQiCMS template is your safety guarantee.
- Default security:Only if you use`{