During the development of AnQiCMS templates, we often need to combine different text fragments, numerical information, and even system variables to form a complete output content, such as building dynamic links, displaying formatted data, or generating user-friendly prompt information.This process involves concatenating string and numeric variables, and how to safely and efficiently complete this operation is a crucial aspect of template development.AnQiCMS's powerful template engine provides a variety of flexible mechanisms to support these needs.
AnQiCMS's template engine syntax is similar to Django, variable output is done using double curly braces{{ 变量名 }}And control logic such as conditional judgment and loop is done using single curly braces and percent signs{% 标签 %}. Understanding this basic syntax is the first step in efficient template development.
Basic variable output and automatic escaping in templates.
In AnQiCMS templates, when we use{{ 变量名 }}When outputting variables, the system defaults to executing "auto-escaping". This means that special characters such as HTML tags and JavaScript code are converted to safe entity characters, for example<Will become<,>Will become>. This mechanism is a built-in security measure of the AnQiCMS template engine, designed to effectively prevent cross-site scripting attacks (XSS), ensuring that your website content is not damaged by maliciously injected code when displayed.
Therefore, unless you have a clear reason and are 100% sure of the security of the content, it is usually not necessary to perform additional manual escaping operations.In most cases, output the variable directly.
Safely concatenate strings and numbers
AnQiCMS provides multiple ways to concatenate strings and numbers, let's understand one by one.
1. UseaddFilter for simple concatenation
The most direct and commonly used method of concatenation is to utilizeaddThe filter is very intelligent and can handle various types of variables, whether it is adding strings with strings, numbers with strings, or numbers with numbers, it will try to convert and concatenate reasonably.
Usage: {{ 变量1|add:变量2 }}
Example:Suppose we have an article IDarchive.IdIt is a number100, the article titlearchive.TitleIt is a string"AnQiCMS模板教程".
Concatenating a string with a number:If we want to display "Article ID: 100", we can write it like this:
{{ "文章ID: "|add:archive.Id }} {# 输出: 文章ID: 100 #}Here, the filter will automatically convert numbers
100Concatenate the string with the preceding text.Concatenate strings:If you need to concatenate two strings, for example, to combine a filename:
{{ "header"|add:".html" }} {# 输出: header.html #}Add numbers:Of course,
addThe filter also supports pure numeric addition operations, for example, calculating the total:{% set price = 50 %} {% set quantity = 2 %} {{ price|add:quantity }} {# 输出: 52 #}
addThe filter will ignore the content that cannot be added together during automatic conversion, which increases its fault tolerance, but it also means that we need to ensure that the variables being concatenated meet expectations.
2. UsestringformatFilter for refined format output
When you need more complex format control, such as inserting multiple variables in a text, or formatting numbers in a specific way (such as retaining decimal places),stringformatThe filter is your powerful assistant. It is similar toprintforsprintfFunction.
Usage: {{ "格式字符串"|stringformat:变量1, 变量2, ... }}
placeholder in format strings:
%s: string placeholder%d: integer placeholder%.2f: floating-point placeholder (.2round to two decimal places%v: Default format output, usually used for complex types or uncertain types
Example:Assuming we havearchive.TitleWith"AnQiCMS模板指南",archive.ViewsWith1234,archive.PriceWith99.95.
Combine multiple variable text:
{{ "文章标题:%s,浏览量:%d 次。"|stringformat:archive.Title, archive.Views }} {# 输出: 文章标题:AnQiCMS模板指南,浏览量:1234 次。 #}Format numeric output:If we want to format the price to two decimal places:
{{ "商品价格:%.2f 元"|stringformat:archive.Price }} {# 输出: 商品价格:99.95 元 #}Mixed with multiple formats:
{{ "商品名称:%s,价格:%.2f 元,已售出:%d 件"|stringformat:archive.Title, archive.Price, archive.Views }} {# 输出: 商品名称:AnQiCMS模板指南,价格:99.95 元,已售出:1234 件 #}stringformatProvides powerful output control capabilities, making your data display more standardized and beautiful.
3. Pay attention to the handling of numeric variables
Although the AnQiCMS template engine can intelligently handle variable types most of the time, it is a good habit to explicitly perform type conversion before performing complex numerical calculations, especially when the variables come from user input or external data sources and the type may be uncertain.
Direct arithmetic operations:In
{{ }}In this case, you can perform basic arithmetic operations on numeric variables:{% set num1 = 10 %} {% set num2 = 5 %} {{ num1 + num2 }} {# 加法 #} {{ num1 - num2 }} {# 减法 #} {{ num1 * num2 }} {# 乘法 #} {{ num1 / num2 }} {# 除法 #} {# 输出: 15, 5, 50, 2 #}Here, if
num1ornum2Can be converted to a numeric string (for example"10"), template engines usually handle them correctly.Explicit type conversion:
integerandfloatFilter:If a variable may be a string representation of a number but you need to ensure it is a numeric type before the operation, you can useintegerorfloatFilter:{% set str_num = "123" %} {{ str_num|integer|add:45 }} {# 输出: 168 #} {% set str_price = "99.99" %} {{ str_price|float|stringformat:"%.1f" }} {# 输出: 99.9 #}These filters will return when the conversion fails
0or0.0Therefore, error handling needs to be considered in practical applications.Timestamp to date string conversion:
stampToDateTags:The timestamp in AnQiCMS is usually of numeric type. To convert it to a readable date string, you can usestampToDateTags:{{ stampToDate(archive.CreatedTime, "2006-01-02 15:04") }} {# 将10位时间戳格式化为 "年-月-日 时:分" 格式 #}Here
"2006-01-02 15:04"It is the Go language-specific date formatting base time, representing2006年1月2日15点04分Define the date format of the output through it.
Security considerations in practice
Again, the automatic escaping function of AnQiCMS template is your security guarantee.
- Default security: Just in case you use `{{