Encode filtering in an URL

I want to (if possible) control filtering of GridView directly from an URL or link, just like I can do about , sorting and pagination.

I know that passing queries through URL is just as bad idea as it can be. But given that:

  • It will be encoded
  • Only andWhere() part will be used
  • It will be used in menu only (no form, no user input, except modifying URL)

Can I consider something like this:

[
    'url' => ['/patient/index', 'filter' => base64_encode(serialize(['name' => 'Smith']))],
    'label' => 'Test',
],

Plus this:

public function actionIndex($filter = '')
{
    $filter = unserialize(base64_decode($filter));
    $filter = is_array($filter) ? $filter : [];

    $dataProvider = new ActiveDataProvider([
        'query' => Patient::find()->where($filter),
        'pagination' => ['pageSize' => 10],
        'sort' => ['defaultOrder' => ['surname' => SORT_ASC]],
    ]);

Or is this still a bad idea in terms of security, performance, etc.?

If this is still a bad idea then (given the fact that passing sorting through URL is already implemented) how can I easy implement the mechanism of defining WHERE query and pagination directly in Url::to() links?

Generally speaking it is bad (danger) idea but as long as you have strict rules what can be send to your app this way, it could be useful.
There is also guide article about requests with filtering elements:
https://www.yiiframework.com/doc/guide/2.0/en/rest-filtering-collections#filtering-request

1 Like