menatep
(Vlad078)
August 21, 2009, 8:18am
5
I got this error…
First I searched for users whose name contains "user",
then I tried to filter the result by selecting the country "Russia":
CDbCommand failed to execute the SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1052 Column 'name' in where clause is ambiguous
Source File
C:\wamp\www\framework\db\CDbCommand.php(322)
00310: }
00311:
00312: if($this->_connection->enableProfiling)
00313: Yii::endProfile('system.db.CDbCommand.query('.$this->getText().')','system.db.CDbCommand.query');
00314:
00315: return $result;
00316: }
00317: catch(Exception $e)
00318: {
00319: if($this->_connection->enableProfiling)
00320: Yii::endProfile('system.db.CDbCommand.query('.$this->getText().')','system.db.CDbCommand.query');
00321: Yii::log('Error in querying SQL: '.$this->getText().$params,CLogger::LEVEL_ERROR,'system.db.CDbCommand');
00322: throw new CDbException(Yii::t('yii','CDbCommand failed to execute the SQL statement: {error}',
00323: array('{error}'=>$e->getMessage())));
00324: }
00325: }
00326: }
I extracted \datafilter into \protected\extensions,
did everything according to the documentation,
then got this error:
YiiBase::include(CDataFilter.php) [<a href='yiibase.include'>yiibase.include</a>]: failed to open stream: No such file or directory
Please help me with this, thanks.
menatep
(Vlad078)
August 21, 2009, 5:19pm
7
Eric… index.php needs to be modified to refer to your correct framework path.
seb
(Serebrov)
August 23, 2009, 3:12pm
8
This can be fixed by changing User::getDataFilterSearchFields() to
public function getDataFilterSearchFields($filterName)
{
    switch ($filterName) {
        case 'userFieldsSearch':
            // Table-qualified column names, so the WHERE clause is no longer
            // ambiguous once the query joins other tables that also have "name"
            return array(
                'df_users.id'=>'User ID',
                'df_users.name'=>'Name',
                'df_users.username'=>'Username',
            );
    }
}
I cannot attach the fixed demo because of the 500KB global upload quota.
menatep:
I extracted \datafilter into \protected\extensions,
did everything according to the documentation,
then got this error:
YiiBase::include(CDataFilter.php) [<a href='yiibase.include'>yiibase.include</a>]: failed to open stream: No such file or directory
Please help me with this, thanks.
Eric, you probably need to add the datafilter classes to Yii's import list in config/main.php:
// autoloading model and component classes
'import'=>array(
    'application.models.*',
    'application.components.*',
    ...
    'application.extensions.datafilter.*',
    'application.extensions.datafilter.filters.*',
),
Anticon
(Anticon)
August 24, 2009, 10:53am
10
$criteria->condition = ' countries_id = '.$_GET['countryFilter'];
is very vulnerable to SQL injection…
seb
(Serebrov)
August 25, 2009, 7:09am
11
I am not a very experienced web developer, and the problem here is that after the form is submitted the previous parameters are stripped; for example, having
www.sitename/index.php?r=modules_setup/admin
as the form action, we get a URL like
www.sitename/index.php?param1=value1&param2=value2&...
after the form is submitted.
I can use a hidden field to preserve the existing parameters, but I expect some problems with that.
Martial123, maybe you can use "path" URLs for your application (setting 'urlFormat'=>'path' for the urlManager component in config\main.php)? This also solves the problem.
Can you suggest a more secure way to build the SQL? It is a demo application, but I think some people may reproduce this vulnerable code in their applications.
pestaa
(Pestaa)
August 25, 2009, 7:47am
12
// Named placeholder in the SQL text; the untrusted value is bound separately
$criteria->condition = ' countries_id = :filter';
$criteria->params = array(':filter'=>$_GET['countryFilter']);
seb
(Serebrov)
August 26, 2009, 4:35pm
13
Thanks, I will use this for the demo application.
seb
(Serebrov)
September 2, 2009, 10:42am
14
I am now trying to build all conditions that way, but have a problem with the LIKE condition.
I have this code:
$localCriteria = new CDbCriteria;
$localCriteria->condition = ' '.$searchField.' LIKE "%'.$searchValue.'%" ';
It works, but $searchValue is taken from $_GET and placed into the condition directly.
I changed the code to:
$localCriteria = new CDbCriteria;
$localCriteria->condition = ' '.$searchField.' LIKE "%:searchValue%" ';
$localCriteria->params = array(':searchValue'=>$searchValue);
This code does not work: it returns an empty set, but I know there should be some results.
Maybe someone has a suggestion on how to make it work?
pestaa
(Pestaa)
September 3, 2009, 1:04pm
15
It should be:
$localCriteria = new CDbCriteria;
// The placeholder must stand alone in the SQL; inside a quoted string it is just text
$localCriteria->condition = $searchField.' LIKE :searchValue';
// The % wildcards belong in the bound value, not in the SQL text
$localCriteria->params = array(':searchValue'=>'%'.$searchValue.'%');
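The same idea as an added stand-alone example (not code from the datafilter extension or from this thread): it uses PDO with an in-memory SQLite table instead of CDbCriteria, and goes a little beyond the post above by also whitelisting the column name (which cannot be bound) and escaping LIKE wildcards in the user value. The `buildUserCriteria` helper and the sample rows are constructed for the example.

```php
<?php
// Whitelist of searchable columns, mirroring User::getDataFilterSearchFields().
// Column names cannot be bound as parameters, so they must come from here.
$searchFields = array(
    'df_users.id'       => 'User ID',
    'df_users.name'     => 'Name',
    'df_users.username' => 'Username',
);

// Builds (sql, params) from untrusted request values (hypothetical helper).
// Values are always bound; the LIKE wildcards go into the bound value.
function buildUserCriteria(array $searchFields, $field, $value, $countryId)
{
    if (!isset($searchFields[$field])) {
        throw new InvalidArgumentException('Unknown search field: ' . $field);
    }
    // Binding stops injection but does not neutralise % and _ in the value;
    // escape them so the user's text is matched literally ('\' is the ESCAPE char).
    $escaped = addcslashes($value, '\\%_');
    $sql = $field . " LIKE :searchValue ESCAPE '\\' AND df_users.countries_id = :countryId";
    $params = array(
        ':searchValue' => '%' . $escaped . '%',
        ':countryId'   => (int) $countryId,   // non-numeric input simply becomes 0
    );
    return array($sql, $params);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE df_users (id INTEGER, name TEXT, username TEXT, countries_id INTEGER)');
$pdo->exec("INSERT INTO df_users VALUES (1, 'user one', 'user1', 1), (2, '100% user', 'user2', 1), (3, 'other', 'x', 2)");

// Simulated $_GET values: search text containing a % character, country 1.
list($sql, $params) = buildUserCriteria($searchFields, 'df_users.name', '100%', '1');
$stmt = $pdo->prepare('SELECT id FROM df_users WHERE ' . $sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN)); // only id 2: the % matched literally

// A column name that is not in the whitelist is rejected before any SQL is built.
try {
    buildUserCriteria($searchFields, 'df_users.password', 'x', '1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```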
seb
(Serebrov)
September 4, 2009, 9:35am
16
Thanks! I tried many combinations, but not the right one.
Pestaa, congratulations for joining Yii team.
I uploaded new datafilter version and demo application: datafilter downloads
icevan
(Icevan)
September 10, 2009, 9:33am
17
CDataFilterWidget.php:
155: echo CHtml::form($this->formAction,$this->formMethod,$this->formOptions);
Did not work on servers where the application does not run in the root folder, e.g. http://myserv.net/fold/fold/myYiiApp
Should be
155: echo CHtml::form( CHtml::normalizeUrl($this->formAction) ,$this->formMethod,$this->formOptions);
seb
(Serebrov)
September 18, 2009, 7:46am
18
icevan:
CDataFilterWidget.php:
155: echo CHtml::form($this->formAction,$this->formMethod,$this->formOptions);
Did not work on servers where the application does not run in the root folder, e.g. http://myserv.net/fold/fold/myYiiApp
Should be
155: echo CHtml::form( CHtml::normalizeUrl($this->formAction) ,$this->formMethod,$this->formOptions);
Thanks, I will do as you suggested.
seb
(Serebrov)
September 18, 2009, 1:05pm
19
I uploaded new datafilter version 0.3 and demo application: datafilter downloads.
Most important new features are: CDataFilterWidget - options to generate submit and reset buttons, CDataFilter - option to store filter state to the session.
fibler
(Shaneog)
October 12, 2009, 11:43am
20
@seb - Hi there, not sure why I am getting the following error when installing your version 0.3 extension…
I have tried both yii-1.0.8 and yii-1.0.9, as well as the demo app and adding it to the testdrive app with the user table.
I still get the same error. If you know why I get this error, that would be very helpful.
PHP Error
Description
Declaration of CFilterSearch::applyCriteria() should be compatible with that of CFilterBase::applyCriteria()
Source File
/Library/WebServer/Documents/yii-datafilter/protected/extensions/datafilter/filters/CFilterSearch.php(12)
00001: <?php
00002: /**
00003: * CFilterSearch class file.
00004: *
00005: * @author Seb <serebrov@algo-rithm.com>, Algo-rithm
00006: *
00007: * @version 0.3
00008: *
00009: * @desc CFilterSearch is a link to filter data.
00010: */
00011: class CFilterSearch extends CFilterBase
00012: {
00013: /**
00014: * Apply filter's value to criteria. Method call redirected to model's
00015: * method applyDataSearchCriteria()
00016: * @param <CActiveRecord> $model
00017: * @param <CDbCriteria> $criteria
00018: */
00019: public function applyCriteria($model, &$criteria)
00020: {
00021: $searchFields = $model->getDataFilterSearchFields($this->name);
00022: $fieldName = $this->getValue();
00023:
00024: if ( isset($searchFields[$fieldName])) {
seb
(Serebrov)
October 17, 2009, 2:59pm
21
fibler:
@seb - Hi there, not sure why I am getting the following error when installing your version 0.3 extension…
I have tried both yii-1.0.8 and yii-1.0.9, as well as the demo app and adding it to the testdrive app with the user table.
I still get the same error. If you know why I get this error, that would be very helpful.
PHP Error
Description
Declaration of CFilterSearch::applyCriteria() should be compatible with that of CFilterBase::applyCriteria()
Source File
/Library/WebServer/Documents/yii-datafilter/protected/extensions/datafilter/filters/CFilterSearch.php(12)
It was a bug in the CFilterBase::applyCriteria declaration; it should be:
public function applyCriteria($model, &$criteria)
{
    // Base implementation does nothing; subclasses override with the same signature
    return;
}
This error is reported by PHP only when the E_STRICT option is enabled.
I fixed the bug and uploaded a new version here (I replaced the previous v0.3 archives).
Anticon
(Anticon)
October 19, 2009, 12:51pm
22
I have tested version 0.3, but the demo still has a large security leak:
Normal Url:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=1&countryFilter=&cityFilter=
Now we change the url a little bit:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=999&countryFilter=999&cityFilter=999);DROP DATABASE `dfdemo`;
As a result a normal user deletes the whole database…
Please use binding parameters to solve this problem:
http://www.yiiframew …ding-parameters
Greetings
Anticon
seb
(Serebrov)
October 19, 2009, 1:36pm
23
Anticon:
I have tested version 0.3, but the demo still has a large security leak:
Normal Url:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=1&countryFilter=&cityFilter=
Now we change the url a little bit:
http://localhost/dfdemo/?userFieldsSearch=df_users.id&userFieldsSearchText=&groupFilter=999&countryFilter=999&cityFilter=999);DROP DATABASE `dfdemo`;
As a result a normal user deletes the whole database…
Please use binding parameters to solve this problem:
http://www.yiiframew …ding-parameters
Greetings
Anticon
Hi, Anticon
Thank you VERY much for your post, because I uploaded the wrong (old) version yesterday.
Now I have re-uploaded the extension and demo application, and they contain all the security fixes as well as the fix I made yesterday.
Sorry to all who downloaded the wrong version; please download it again.
Anticon
(Anticon)
October 19, 2009, 3:09pm
24
Hi seb,
this version looks better. Thank you.
Greetings
Anticon