Drupal t function with variables
I often see the t function, which is designed for both security and translation, used incorrectly with regard to variables. The t() function should not be passed a variable directly.
<?php
// This is an incorrect use of the t function.
$text = t($some_variable);
// Variables need to be processed through placeholders like one of the examples below.
$text = t("This is my !name, pleased to meet you.", array('!name' => $some_variable));
$text = t("This is my @name, pleased to meet you.", array('@name' => $some_variable));
$text = t("This is my %name, pleased to meet you.", array('%name' => $some_variable));
?>
https://api.drupal.org/api/drupal/includes%21bootstrap.inc/function/t/7
The use of !, @ or % is not arbitrary. They should be used as needed based on these criteria:
- @variable: Escaped to HTML using check_plain(). Use this as the default choice for anything displayed on a page on the site.
- %variable: Escaped to HTML and formatted using drupal_placeholder(), which makes it display as <em>emphasized</em> text.
- !variable: Inserted as is, with no sanitization or formatting. Only use this for text that has already been prepared for HTML display (for example, user-supplied text that has already been run through check_plain() previously, or is expected to contain some limited HTML tags and has already been run through filter_xss() previously).
https://api.drupal.org/api/drupal/includes%21bootstrap.inc/function/form...
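What each placeholder does to the same input, as an added example that is not from the original post. demo_check_plain(), demo_placeholder() and demo_t() are hypothetical stand-ins that model the Drupal 7 behaviour described above (translation lookup omitted) so the script runs without Drupal, and the input string is constructed.

```php
<?php
// Added example. The demo_* functions are hypothetical stand-ins that model
// Drupal 7's placeholder handling so the script runs without Drupal.

function demo_check_plain($text) {
  // check_plain() escapes HTML special characters, quotes included.
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

function demo_placeholder($text) {
  // drupal_placeholder() escapes the value, then wraps it in <em>.
  return '<em class="placeholder">' . demo_check_plain($text) . '</em>';
}

function demo_t($string, array $args = array()) {
  // Translation lookup is omitted; only placeholder substitution is modelled.
  foreach ($args as $key => $value) {
    switch (substr((string) $key, 0, 1)) {
      case '@':
        $args[$key] = demo_check_plain($value);
        break;
      case '!':
        // Inserted as is: the caller must have sanitized it already.
        break;
      case '%':
      default:
        $args[$key] = demo_placeholder($value);
        break;
    }
  }
  return $args ? strtr($string, $args) : $string;
}

// Constructed sample standing in for user-supplied text.
$some_variable = '<script>alert("x")</script>';

$results = array(
  't($var)' => demo_t($some_variable),
  '@name'   => demo_t('This is my @name.', array('@name' => $some_variable)),
  '%name'   => demo_t('This is my %name.', array('%name' => $some_variable)),
  '!name'   => demo_t('This is my !name.', array('!name' => $some_variable)),
);

foreach ($results as $label => $output) {
  // Print as plain text so the markup each call would emit is visible.
  echo str_pad($label, 8), ' => ', $output, PHP_EOL;
}
```

Only the @ and % rows come out with the angle brackets and quotes escaped; the direct call and the ! row carry the markup through unchanged.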