Send complex SQL string to another controller/view for print
#1

Hi guys,
I'm generating a very long and complex filtering SQL query.
I have a view with the search/filter form. When the form is submitted, the results load (using $.ajax from jQuery) in a div below the form.

Now, the results div has some buttons for printing results, exporting to PDF, Excel, and so on.

I've been wondering how to re-use the SQL query generated to filter the results in the controller with the results div, but every idea I get leads to my site being hacked.

Maybe store the SQL string temporarily in a session variable? So when I call print (bootstrap modal) I get the flashdata and then clean it?

Any tips or suggestions for doing this without losing security? Thanks a lot
#2

Not quite sure I understand... Are you using sessions? If a user has an authenticated session then they can only access certain controllers, regardless of the SQL generated.
Practical guide to IgnitedCMS - Book coming soon, www.ignitedcms.com
#3

(10-07-2015, 01:58 PM)iamthwee Wrote: Not quite sure I understand... Are you using sessions? If a user has an authenticated session then they can only access certain controllers, regardless of the SQL generated.

Yes, I use sessions because I've implemented IonAuth, and I also use them for storing messages across views or page reloads.
My problem is not restricting users to certain controllers, which (with IonAuth) I can do.

My problem is that I don't want to copy the same code to generate the filtering sql in another controller/view just for printing the results. I'd like to find an easy/secure way to share that generated sql code between controllers/views

Hope you've understood
#4

(This post was last modified: 10-07-2015, 02:31 PM by ignitedcms.)

Well I guess you could store it in a session, but I wouldn't advise it, maybe store it in a temporary table or something with the user's sessionid as the key. Sessions are encrypted server side now so I don't see how it could be exploited... still I wouldn't do that.
#5

(10-07-2015, 02:14 PM)kabeza Wrote: My problem is that I don't want to copy the same code to generate the filtering sql in another controller/view just for printing the results. I'd like to find an easy/secure way to share that generated sql code between controllers/views

The safest way to do this is to move the code which generates the SQL into a library which is called by the controllers (assuming you need it to be called from multiple controllers) and just regenerate the SQL using the same inputs.

You could store the SQL in the session, but I try not to get in the habit of passing SQL strings around if I don't have to (especially storing them with the idea that I could use them again later).
Reply
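The approach suggested in post #5, as an added example that is not code from the thread: a small library rebuilds the parameterised query from the same form inputs for both the search and print actions, so no SQL string is stored or passed between requests. `ResultFilter`, the `orders` table and the filter keys are hypothetical, and plain PDO with an in-memory SQLite database stands in for CodeIgniter's database layer so the block runs on its own.

```php
<?php
// Added example; ResultFilter, the orders table and the filter keys are hypothetical.
final class ResultFilter
{
    // Filter key => [column, operator, numeric?]; only these fragments ever reach the SQL text.
    private const FILTERS = [
        'status'    => ['status', '=', false],
        'min_total' => ['total', '>=', true],
        'max_total' => ['total', '<=', true],
    ];
    private const SORTABLE = ['id', 'customer', 'total'];

    /** Build [sql, params] from raw request input; values travel only as bound parameters. */
    public static function build(array $input): array
    {
        $where = $params = [];
        foreach (self::FILTERS as $key => [$column, $op, $numeric]) {
            $value = $input[$key] ?? '';
            if (!is_scalar($value) || $value === '' || ($numeric && !is_numeric($value))) {
                continue; // skip missing, array-valued or malformed inputs
            }
            $where[]  = "$column $op ?";
            $params[] = $numeric ? $value + 0 : (string) $value;
        }
        // ORDER BY cannot be parameterised, so anything outside the whitelist falls back to id.
        $sort = in_array($input['sort'] ?? '', self::SORTABLE, true) ? $input['sort'] : 'id';
        $sql = 'SELECT id, customer, status, total FROM orders'
             . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
             . " ORDER BY $sort";
        return [$sql, $params];
    }
}

// Both the search action and the print/export action call this with the same form inputs.
function fetch_results(PDO $db, array $input): array
{
    [$sql, $params] = ResultFilter::build($input);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data standing in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT, total REAL)');
$db->exec("INSERT INTO orders (customer, status, total) VALUES
    ('acme', 'paid', 120.0), ('globex', 'open', 75.5), ('initech', 'paid', 30.0)");

// Constructed request input, including a hostile sort value that the whitelist discards.
$filters = ['status' => 'paid', 'min_total' => '50', 'sort' => 'total; DROP TABLE orders'];
print_r(fetch_results($db, $filters)); // search view
print_r(fetch_results($db, $filters)); // print view: same inputs, SQL regenerated server-side
```

If the print action cannot resubmit the form, the validated filter inputs (not the SQL string) are what would be kept in the session or flashdata between the two requests.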



