I want to (if possible) control filtering of GridView directly from an URL or link, just like I can do about , sorting and pagination.
I know that passing queries through URL is just as bad idea as it can be. But given that:
- It will be encoded
- Only
andWhere()
part will be used - It will be used in menu only (no form, no user input, except modifying URL)
Can I consider something like this:
[
'url' => ['/patient/index', 'filter' => base64_encode(serialize(['name' => 'Smith']))],
'label' => 'Test',
],
Plus this:
public function actionIndex($filter = '')
{
$filter = unserialize(base64_decode($filter));
$filter = is_array($filter) ? $filter : [];
$dataProvider = new ActiveDataProvider([
'query' => Patient::find()->where($filter),
'pagination' => ['pageSize' => 10],
'sort' => ['defaultOrder' => ['surname' => SORT_ASC]],
]);
Or is this still a bad idea in terms of security, performance, etc.?
If this is still a bad idea then (given the fact that passing sorting through URL is already implemented) how can I easy implement the mechanism of defining WHERE query and pagination directly in Url::to()
links?