You're going in the right direction. Your function will only use the conditions for fields in your table. It doesn't really matter if your user specifies additional "conditions" because they will be ignored.
I haven't tried it, but I assume you could always make a whitelist of allowed params and unset everything else. Just don't forget to sanitize them... :-)

On Jan 21, 3:20 pm, "die...@be" <[email protected]> wrote:
> Hi all,
> I want to use pagination, but also named parameters to form conditions
> to restrict my resultset.
> Example:
> Customer hasMany Contract, Contract belongsTo Customer (foreign key customer_id)
>
> I want to be able to paginate contracts, but also only view
> (paginated) the contracts of a certain customer.
> URLs would be something like this:
> /contracts/index/customer_id:1 # only look for records where customer_id = 1
> /contracts/index/page:1/sort:customer_id/direction:asc/ # some paginated view
> /contracts/index/page:1/sort:customer_id/direction:asc/customer_id:1 # pagination + search condition combined
>
> My first idea: since $this->passedArgs is an array of key-value pairs
> of the named parameters, I can directly use it to specify the
> conditions, like so:
> $this->set('contracts', $this->paginate('Contract', $this->passedArgs));
>
> The problem with this is that the user can pass any parameter he wants,
> thus forming invalid queries. In fact the parameters from the
> paginator end up in my conditions also and make the query invalid.
>
> So.. I should filter the $this->passedArgs to only use the entries
> that match a column of my model, right?
> So I came up with this: http://bin.cakephp.org/view/737267546
> This is better, but still the user can specify any value. Is there
> any way to validate the arguments before using them as conditions?
>
> Or am I just looking too far, is there a more elegant way to handle
> this?
> Thanks,
> Dieter
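The whitelist-and-validate approach suggested above, written out as an added example (not code from the thread, the linked paste, or CakePHP itself). It assumes a CakePHP 1.2-era `ContractsController`, a `Contract` model with `customer_id` and `status` columns, and the per-field validation patterns shown, which are constructed for illustration:

```php
<?php
// Added example: filter $this->passedArgs down to a whitelist of named
// parameters, drop everything else (including the paginator's own
// page/sort/direction keys), and validate each value before it becomes a
// query condition. Field names and patterns below are assumed.
class ContractsController extends AppController {
    var $name = 'Contracts';

    // Whitelist: named parameter => regex the value must match.
    var $filterable = array(
        'customer_id' => '/^[0-9]+$/',
        'status'      => '/^(active|expired|cancelled)$/',
    );

    function index() {
        // Keep only whitelisted keys; unknown keys and pagination keys vanish.
        $args = array_intersect_key($this->passedArgs, $this->filterable);

        $conditions = array();
        $rejected   = array();
        foreach ($args as $field => $value) {
            // Belt and braces: the key must also be a real column of the model.
            if (!$this->Contract->hasField($field)) {
                continue;
            }
            // Named-parameter values are strings; anything that fails its
            // pattern is dropped rather than passed to the database.
            if (!is_string($value) || !preg_match($this->filterable[$field], $value)) {
                $rejected[] = $field;
                continue;
            }
            // Fully qualified 'Model.field' => value; the DBO escapes the value.
            $conditions['Contract.' . $field] = $value;
        }

        $this->set('contracts', $this->paginate('Contract', $conditions));
        // Expose which filters were applied or refused so the view can say so.
        $this->set('filters', array_diff_key($args, array_flip($rejected)));
        $this->set('rejected', $rejected);
    }
}
```

Because the whitelist keys are fixed literals, a user cannot smuggle an operator into the column name (for example a `customer_id LIKE` key), and the regex keeps the value to the shape the column expects.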
