Hi. I have several remarks.
First of all, using constructions such as:
'condition'=>'status='.$_POST['Details']['status'].' and gender='.$_POST['Details']['status'].' and age='.$_POST['Details']['status'].' and name='.$_POST['Details']['name'],
…is a straight road to SQL injection: the raw request values are concatenated into the query unescaped.
Secondly, lines such as
$criteria->compare('status', $_POST['Details']['status'], false, 'AND');
give you a PHP notice when no POST data was submitted (the array index does not exist).
To protect your script against such attacks and to improve it, I suggest:
-
use parameter binding (PDO will escape your parameters)
-
validate all data received from the client (this helps not only with validation, but also with generating secondary objects)
// controller code:
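/**
 * Builds the criteria for the post listing.
 *
 * The default ordering and eager-loaded relation are applied unconditionally;
 * the client-supplied filter is merged in only after it has passed the
 * PostFilter validation rules, so unvalidated request data never reaches the
 * query. The original snippet was missing the array( wrapper around the
 * CDbCriteria configuration, which is a parse error; it is restored here.
 *
 * @return CDbCriteria
 */
public function getDetailsCriteria()
{
    // Default criteria will be applied even if no post data was submitted.
    $defaultCriteria = new CDbCriteria(array(
        'order' => 'order_id DESC',
        'with' => array('author'),
    ));

    $filterModel = new PostFilter();
    // getPost() with a default avoids the undefined-index notice when the form
    // was not submitted; an empty array leaves every filter attribute null.
    // In Yii 1.x, mass assignment only fills attributes covered by rules() —
    // confirm against the framework version in use.
    $filterModel->attributes = Yii::app()->getRequest()->getPost('Details', array());

    // A filter that fails validation is silently dropped and the unfiltered
    // default criteria is returned; surface $filterModel->getErrors() if the
    // caller should be told that its input was rejected.
    if ($filterModel->validate()) {
        $defaultCriteria->mergeWith($filterModel->getConditions());
    }

    return $defaultCriteria;
}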
// form model
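/**
 * Form model that whitelists and validates the "Details" filter sent by the client.
 *
 * Mass assignment is limited to the declared, rule-covered attributes, and
 * each one is constrained by rules() before it may influence the query. The
 * resulting criteria bind every client value as a named parameter, so no
 * request data is ever concatenated into SQL.
 */
class PostFilter extends CFormModel
{
    public $name;
    public $status;
    public $age;
    public $gender;

    /**
     * Validation rules. 'allowEmpty' lets a blank form field pass so that the
     * corresponding filter is simply not applied.
     *
     * @return array
     */
    public function rules()
    {
        return array(
            array('age', 'numerical', 'min' => 0, 'max' => 199, 'allowEmpty' => true),
            // Name max length should not be greater than the DB field length.
            array('name', 'length', 'min' => 0, 'max' => 255, 'allowEmpty' => true),
            array('status', 'in', 'range' => array(STATUS_ACTIVE, STATUS_INACTIVE), 'allowEmpty' => true),
            array('gender', 'in', 'range' => array('male', 'female'), 'allowEmpty' => true),
        );
    }

    /**
     * Returns the conditional part of a criteria built from the filled-in attributes.
     *
     * Column names come from this class's declared properties, never from the
     * request; only the values are bound, as ':name'-style parameters.
     * Blank fields ('' from an empty form input) are skipped as well as null;
     * the original only checked for null, so an untouched text field would
     * have produced a condition like name='' that matches nothing.
     *
     * @return array criteria fragment with 'condition' and 'params' keys;
     *               'condition' is '' when no filter is set
     */
    public function getConditions()
    {
        $cond = array();
        $params = array();
        foreach ($this as $attribute => $value) {
            if ($value === null || $value === '') {
                continue;
            }
            $cond[] = $attribute . '=:' . $attribute;   // 'name=:name'
            $params[':' . $attribute] = $value;        // array(':name' => 'John')
        }

        return array(
            'condition' => implode(' AND ', $cond),
            'params' => $params,
        );
    }
}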
// initializing data-provider
// The criteria comes from the controller method above, so the same validated
// filter drives both the query and the paginated listing (20 rows per page).
$providerConfig = array(
    'criteria' => $this->getDetailsCriteria(),
    'pagination' => array('pageSize' => 20),
);
$dataProvider = new CActiveDataProvider('Post', $providerConfig);
Feel free to ask if you have any trouble with this brief example.