CodeIgniter Forums
Send complex SQL string to another controller/view for print - Printable Version




Send complex SQL string to another controller/view for print - kabeza - 10-07-2015

Hi guys
I'm generating a very long filtering and complex SQL
I have a view with the search/filter form. When the form is submitted, the results load (using $.ajax from jQuery) in a div below the form

Now, the results div has some buttons for printing results, exporting to pdf, excel, and so on.

I've been wondering how to re-use the sql query generated to filter the results in controller with the results div, but every idea I get leads to my site being hacked.

Maybe to store -temporarily- the sql string in a session variable? So when I call print (bootstrap modal) I get the flashdata and then clean it?

Any tips or suggestions for doing this without losing security? Thanks a lot


RE: Send complex SQL string to another controller/view for print - ignitedcms - 10-07-2015

Not quite sure I understand... Are you using sessions? If a user has an authenticated session then they can only access certain controllers, regardless of the sql generated.


RE: Send complex SQL string to another controller/view for print - kabeza - 10-07-2015

(10-07-2015, 01:58 PM)iamthwee Wrote: Not quite sure I understand... Are you using sessions? If a user has an authenticated session then they can only access certain controllers, regardless of the sql generated.

Yes, I use sessions because I've implemented IonAuth, and I also use them for storing messages through views or page reloads
My problem is not to restrict users to certain controllers, which (with IonAuth) I can

My problem is that I don't want to copy the same code to generate the filtering sql in another controller/view just for printing the results. I'd like to find an easy/secure way to share that generated sql code between controllers/views

Hope you've understood


RE: Send complex SQL string to another controller/view for print - ignitedcms - 10-07-2015

Well I guess you could store it in a session, but I wouldn't advise it, maybe store it in a temporary table or something with the user's sessionid as the key. Sessions are encrypted server side now so I don't see how it could be exploited... still I wouldn't do that.


RE: Send complex SQL string to another controller/view for print - mwhitney - 10-08-2015

(10-07-2015, 02:14 PM)kabeza Wrote: My problem is that I don't want to copy the same code to generate the filtering sql in another controller/view just for printing the results. I'd like to find an easy/secure way to share that generated sql code between controllers/views

The safest way to do this is to move the code which generates the SQL into a library which is called by the controllers (assuming you need it to be called from multiple controllers) and just regenerate the SQL using the same inputs.

You could store the SQL in the session, but I try not to get in the habit of passing SQL strings around if I don't have to (especially storing them with the idea that I could use them again later).
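
The approach mwhitney describes (one shared builder, regenerated from the same form inputs by both the search and the print/export controllers) could look like the following. This is an added example, not code from the thread; the `ResultFilter` class, the `orders` table and the filter field names are hypothetical.

```php
<?php
// Added example (not from the thread). Table, column and filter names are hypothetical.
class ResultFilter
{
    // Whitelists: only these literal values can ever become part of the SQL text.
    const SORTABLE = ['created_at', 'customer', 'total'];
    const STATUSES = ['open', 'paid', 'cancelled'];

    /** Build the query from raw request inputs; returns [sql, bindings]. */
    public static function build(array $in)
    {
        $where = [];
        $bind  = [];
        if (isset($in['status']) && in_array($in['status'], self::STATUSES, true)) {
            $where[] = 'status = ?';
            $bind[]  = $in['status'];
        }
        if (isset($in['customer']) && is_string($in['customer']) && $in['customer'] !== '') {
            $where[] = "customer LIKE ? ESCAPE '!'";
            // Escape LIKE wildcards so the user's text is matched literally.
            $bind[]  = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $in['customer']) . '%';
        }
        if (isset($in['min_total']) && is_numeric($in['min_total'])) {
            $where[] = 'total >= ?';
            $bind[]  = (float) $in['min_total'];
        }
        // Identifiers cannot be bound as parameters, so they come from the whitelist only.
        $sort = (isset($in['sort']) && in_array($in['sort'], self::SORTABLE, true))
            ? $in['sort'] : 'created_at';
        $dir  = (isset($in['dir']) && is_string($in['dir']) && strtolower($in['dir']) === 'asc')
            ? 'ASC' : 'DESC';

        $sql = 'SELECT id, customer, status, total, created_at FROM orders'
             . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
             . " ORDER BY $sort $dir";
        return [$sql, $bind];
    }
}

// Both the AJAX search action and the print/export action call the same builder
// with the same form fields. In a CodeIgniter 3 controller:
//   list($sql, $bind) = ResultFilter::build($this->input->get());
//   $rows = $this->db->query($sql, $bind)->result_array();

// Stand-alone run with constructed input, including a hostile sort value.
list($sql, $bind) = ResultFilter::build([
    'status' => 'paid', 'customer' => "O'Brien%", 'sort' => 'total; DROP TABLE orders',
]);
echo $sql, "\n", json_encode($bind), "\n";
```

The print button then only needs to resend the original form fields; no SQL text is stored in the session or sent to the browser.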