accessing editor.php to add a variable to the WHERE clause
fapworx_gmail
Hi All
Ok, I now mastered the WHERE statement in the Datatables server_processing.php
I can open a new table, in a new page or new browser window with something like this:
[code]filter_server_side_f.php?field=$_GET["field"][/code]
To do this, I changed the html extension to php so I can pass whatever values I want to this page using:
[code].../serverpage.php?field=$value[/code]
so on the html (now php) page, I would have
[code]"ajaxUrl": "php/browsers3t.php?stage=\"$stage\"",[/code]
on the server side page, it looks like this:
[code]
$sQuery = "
SELECT SQL_CALC_FOUND_ROWS id, ".str_replace(" , ", " ", implode(", ", $aColumns))."
FROM $sTable
WHERE stage = '" . $_GET['stage'] . "'
$sOrder
$sLimit
";
[/code]
I could then draw a table displaying only the required data (filtered).
I got that part to work very well for me.
However, it is still a 2 phase action. How can I shorten this to get to the Editor direct from my GET link?
I noted that it is possible to assign a field/value to the WHERE clause in Editor.php
here is the thread:
[quote]http://datatables.net/forums/discussion/11398/where-using-editor/p1[/quote]
here is my question:
because DT uses aliases for Editor.php, how can I pass a value to that specific section in editor.php:
I would like to do this:
[code]$query->where( "stage", "$stage" );[/code]
where $stage is passed on from the url specified in my html (now php) page
I hope that makes some sense to someone?
This discussion has been closed.
Replies
Allan
What I'm trying to do is to load the $stage variable dynamically from a set url as:
www.mypage.php?stage=somestage
or even better,
www.mypage.php?stage=$somestage
I could then assign $somestage from where ever I want.
passing this to the basic serverside processing page is easy
but with Editor, there's an alias in between mypage.php and Editor.php
[code]use
DataTables\Editor,
[/code]
Or I'm not looking at the right place.
if I hardcode the where statement in editor.php like this:
[code]$query->where( "stage", "Glade" );[/code]
it works but I then limited myself to just the "Glade " stage.
In festivals like Glastonbury, that would be pretty lame if they only had one stage :-)
I would say that the risk with that method is that it is a wide open security hole. All the user needs to do is change the GET parameter and they might be able to access something you perhaps didn't intend for them to?
Allan
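An added example, not part of the original thread and not DataTables or Editor code: the risk Allan describes, handled by checking the requested stage against a server-side list of stages the user may see and binding it as a query parameter instead of concatenating `$_GET['stage']`. The `performances` table, the function names and the session-derived allow-list are assumptions, and SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example; table, column and function names are hypothetical.

/** Return the requested stage only if it is a string this user may view. */
function resolveStage(array $get, array $allowedStages): ?string
{
    $stage = $get['stage'] ?? null;
    if (!is_string($stage)) {   // missing value, or an array from ?stage[]=x
        return null;
    }
    return in_array($stage, $allowedStages, true) ? $stage : null;
}

/** Filter with a bound parameter; the value never becomes part of the SQL text. */
function fetchByStage(PDO $db, string $stage): array
{
    $stmt = $db->prepare('SELECT id, act FROM performances WHERE stage = :stage ORDER BY id');
    $stmt->execute([':stage' => $stage]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encode a value for use inside an inline <script> block (e.g. "sSearch"). */
function jsLiteral(string $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE performances (id INTEGER PRIMARY KEY, stage TEXT, act TEXT)');
$insert = $db->prepare('INSERT INTO performances (stage, act) VALUES (?, ?)');
foreach ([['Glade', 'Act A'], ["Kid's Field", 'Act B'], ['Pyramid', 'Act C']] as $row) {
    $insert->execute($row);
}

// Assumption: the permitted stages come from the server-side session, never from the URL.
$allowedStages = ['Glade', "Kid's Field"];

// Constructed requests: permitted, permitted with an apostrophe, not permitted, missing.
$requests = [['stage' => 'Glade'], ['stage' => "Kid's Field"], ['stage' => 'Pyramid'], []];
foreach ($requests as $get) {
    $stage = resolveStage($get, $allowedStages);
    if ($stage === null) {
        echo "rejected (a real endpoint would answer 403)\n";
        continue;
    }
    echo jsLiteral($stage), ' => ', json_encode(fetchByStage($db, $stage)), "\n";
}
```

The stage containing an apostrophe is there because the concatenated `WHERE stage = '...'` form would produce broken SQL for it, while the bound parameter returns its row unchanged.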
This has always been a problem so I catered for this by creating a unique reference by doing an md5 on a collection of data that is concatenated and then md5(). I then use this unique reference for public use.
I should add that none of the tables are for public use but only for admin.
To sum up, the id field from the table is only used by DT. Anything else uses a generated string that looks like this:
58a2f895be5b0665ffped522951c68f0
...still having a go...
I know it can be a security thing but for my app, that's all I need.
so I edited my table init so it says:
[code]
$('#example').dataTable( {
    "sDom": "lTrtip",
    "aLengthMenu": [[5, 10, 25, 50, -1], [5, 10, 25, 50, "All"]],
    "sAjaxSource": "../my_serverside_php_file.php",
    "oSearch": {
        "sSearch": "<?php echo $_GET["my_get_var"]; ?>", // This could be a POST or a JS var just the same
        "bRegex": false,
        "bSmart": false
    }
} );
[/code]
This table, in my project, will be called from a specific link from my base table and filtered accordingly.
so I would call my table with:
[code]
.../my_table_file.php?my_get_var=my-get-var-value
[/code]
Also, because the called table will be in a modal, I removed the search input field so all that table will show is the filtered data without allowing the user to change the filtration but still accessing the CRUD.
I also found that if I just suppress the POST or GET value or there's no value present like
[code]
.../my_table_file.php?my_get_var=
[/code]
The table will display all.
That works for me.
I know it's a workaround for a specific need but hey! ...still worx
I mean, there was always The column filter plug-in but for this instance, I didn't want that.
Doesn't that also apply for every line of software ever written? ;-)
Good to hear you got it working as you need!
Allan