I have a form with a select box that lists possible recipient ids which are generated from a custom table using migxLoopCollection
. I know want to create a custom hook which takes in the selected recipient id and sets the emailTo
property accordingly.
Here’s what I got so far:
// get id value from select input
$teamId = $hook->getValue('recipient');
// get email from id
$teamEmail = $modx->query("SELECT email FROM team WHERE id=$teamId");
// check for result
if (!is_object($teamEmail)) {
// no - return error
$hook->addError('recipient','Recipient invalid.');
return $hook->hasErrors();
}
else {
// yes - set email
$hook->formit->config['emailTo'] = $teamEmail;
return true;
}
Is this the proper way to do this?
How would I make sure the selected recipient value does not contain any malicious content, as I use this value in the query?