Yii - Query Search With Condition Method

Hello everybody.

Since I have a large number of fields of various data types in my model, I decided to create a query-based search instead of the default filter/search option. This means that the user inputs a direct SQL query, in this case the conditions that come after the WHERE in the SQL query (see attached pic).

I implemented this using CDbCriteria’s method “criteria”; see my search method below:


	public function search()
	{
		$criteria=new CDbCriteria;

		// The user's text is used verbatim as the WHERE condition (no binding)
		if(!empty($this->query_search))
		{
			$criteria->condition = $this->query_search;
		}

		return new CActiveDataProvider($this, array(
			'criteria'=>$criteria,
			'pagination' => array(
				'pageSize' => 30,
			),
		));
	}

I would like to ask if there’s any better way to implement this (implementing each search field is unthinkable, since I need options like “not equal” and comparison of several conditions on the same field), and I’d also like to know if this is secure.

I found several exceptions which cause problems; for example, if I just enter "1;" (without quotation marks), it returns all results on one page, ignoring the pagination. This means that thousands of records are just listed on one page. See second attachment.

Thanks for your help.
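An added example, not code from the original post or from Yii: the raw text is never handed to CDbCriteria::$condition; instead a small "field op value" language (defined here, hypothetical) is parsed, field names are checked against a whitelist, and every value becomes a bound parameter, which still gives "not equal" and several conditions on the same field. It assumes MySQL backtick quoting and uses CActiveRecord::attributeNames() as the whitelist source in the commented Yii usage.

```php
<?php
// Added example, not code from the original post: instead of handing the raw
// text to CDbCriteria::$condition, accept a small "field op value" language,
// whitelist the field names and bind every value as a query parameter.
//   expr := term ((AND|OR) term)*   term := field op value
//   op   := = | != | <> | < | <= | > | >=   value := number | 'string'
function buildSearchCriteria($input, array $allowedFields)
{
    $term = '/\G\s*([A-Za-z_][A-Za-z0-9_]*)\s*(<=|>=|!=|<>|=|<|>)\s*'
          . '(?:\'([^\']*)\'|(-?\d+(?:\.\d+)?))\s*/';
    $glue = '/\G(AND|OR)\s+/i';
    $condition = ''; $params = array();
    $pos = 0; $n = 0;
    $len = strlen($input);
    while (true) {
        if (!preg_match($term, $input, $m, 0, $pos)) {
            throw new InvalidArgumentException("Bad search term at offset $pos");
        }
        $field = $m[1];
        if (!in_array($field, $allowedFields, true)) {   // column whitelist
            throw new InvalidArgumentException("Unknown field: $field");
        }
        $op = ($m[2] === '<>') ? '!=' : $m[2];
        $value = isset($m[4]) ? $m[4] + 0 : $m[3];   // group 4 only for numbers
        $name = ':qs' . $n++;                        // one placeholder per value
        $condition .= '`' . $field . '` ' . $op . ' ' . $name;  // backticks: MySQL
        $params[$name] = $value;
        $pos += strlen($m[0]);
        if ($pos >= $len) { break; }
        if (!preg_match($glue, $input, $g, 0, $pos)) {
            throw new InvalidArgumentException("Expected AND/OR at offset $pos");
        }
        $condition .= ' ' . strtoupper($g[1]) . ' ';
        $pos += strlen($g[0]);
    }
    return array('condition' => $condition, 'params' => $params);
}
// In the model's search() (Yii 1.x, not executed here) the result is bound as:
//   $built = buildSearchCriteria($this->query_search, $this->attributeNames());
//   $criteria->condition = $built['condition'];
//   $criteria->params    = $built['params'];
// Stand-alone demo with constructed input; the "1;" from the post is rejected.
print_r(buildSearchCriteria("status != 'archived' AND price >= 10 AND price < 100", array('status', 'price')));
try {
    buildSearchCriteria('1;', array('status', 'price'));
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Because the condition now only ever contains whitelisted column names, fixed operators and placeholders, the LIMIT/OFFSET that CActiveDataProvider appends for pagination can no longer be cut off by a stray ";".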