akeeba / fof

Rapid Application Development framework for Joomla!™ 3 and 4

Searchable don't work and question on query #672

Closed SparrowDevPro closed 6 years ago

SparrowDevPro commented 6 years ago

Hi, sorry if it is bad English, I am French.

1// I am using FoF for a project but I have some issues with the selectable header field type. It is not working for me. Here is the code:

<?xml version="1.0" encoding="UTF-8"?>
<form type="browse" show_header="1" show_filters="1" show_pagination="1" norows_placeholder="COM_RDV_COMMON_NORECORDS">
  <headerset>
    <header name="rdv_date_id" type="RowSelect" label="ID" sortable="true" tdwidth="20"/>
    <header name="request_id" searchfieldname="request_id" type="Searchable" label="ID de la request" tdwidth="20"/>
    <header name="title"  label="COM_RDV_REQUESTS_TITLE_LABEL" tdwidth="20" />
    <header name="start_time" type="Field" label="DEBUT" sortable="true" tdwidth="100"/>
    <header name="end_time" type="Field" label="FIN" sortable="true" tdwidth="100"/>
  </headerset>
  <fieldset name="items">
    <field name="rdv_date_id" type="RowSelect"/>
    <field name="request_id" />
    <field name="title" name_from="request_id" type="sql" key_field="rdv_request_id" value_field="title" query="SELECT rdv_request_id,title FROM #__rdv_requests" />
    <field name="start_time" type="Field"/>
    <field name="end_time" type="Field"/>
  </fieldset>
</form>

The searchable is on this line : <header name="request_id" searchfieldname="request_id" type="Searchable" label="ID de la request" tdwidth="20"/>

But when I am on the web site view and try to search the field, nothing happens. Do u know why?

2// I also take this opportunity to ask for your help regarding the sql field. Is there a way to do multiple queries? Like this ==> SELECT abc FROM table2 WHERE def =(SELECT ... FROM table1 WHERE (???) LIMIT 1) Because how to specify the (???) so that it corresponds to something like id=( name_from="request_id").

Something like that.

Hope u have understood my 2 questions.

Thanks in advance for ur reply.

SparrowDevPro commented 6 years ago

About the query it is the same problem when I want to do a count on a particular id. Like this : <field name="creneau_nbr" name_from="rdv_request_id" type="sql" key_field="request_id" value_field="creneau_number" query="SELECT request_id,COUNT(request_id) AS creneau_number FROM #__rdv_dates WHERE request_id = ??? " />

The ??? should be the <> parameter ("rdv_request_id"). But when I put rdv_request_id of course I have an error because on the view, the query doesn't know what rdv_request_id is.

How can i solve this problem ?

Thanks

nikosdion commented 6 years ago

The Searchable field only renders a field which submits something in the POST request. Handling it to perform the actual filtering is the job of the Model. Assuming you are using a regular DataModel, without overriding the SQL query it generates, you need to add the Filter behavior to it, e.g. through fof.xml. If you are overriding the query you need to check for the existence of a request_id value in the request and filter by it.

Regarding the SQL field, it does not allow back references to the request data. That would be VERY INSECURE since you’d be injecting raw user data into a SQL query. This is exactly how you get hacked! Never trust your user data. In fact, always treat your user data as malicious unless proven innocent.

What you are looking for is probably the Model field. Please note that you still do not look into the user submitted data but the request_id value of the currently displayed item. While they appear the same to you, the difference is that the request_id value of the currently displayed item is guaranteed to exist, sanitized and of the correct type and by using the Model field this value is properly filtered and sanitized again before being included in a SQL query.
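The point made above about back references in the SQL field, as an added example that is not part of the original thread and is not FOF or Joomla code: the count query from the question, first with the value pasted into the SQL text and then with a validated integer bound as a parameter. It assumes plain PDO with an in-memory SQLite table standing in for `#__rdv_dates`; the function names and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for #__rdv_dates (in-memory SQLite, sample rows).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rdv_dates (rdv_date_id INTEGER PRIMARY KEY, request_id INTEGER NOT NULL)');
$db->exec('INSERT INTO rdv_dates (request_id) VALUES (1), (1), (2)');

// "Before" (hypothetical): the value is pasted into the SQL text, so it is parsed as SQL.
function countSlotsUnsafe(PDO $db, string $requestId): array
{
    $sql = 'SELECT request_id, COUNT(request_id) AS creneau_number '
         . 'FROM rdv_dates WHERE request_id = ' . $requestId
         . ' GROUP BY request_id';
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After" (hypothetical): accept only a positive integer id, then bind it as data.
function countSlots(PDO $db, $requestId): int
{
    $id = filter_var($requestId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('request_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM rdv_dates WHERE request_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

$hostile = '1 OR 1=1'; // constructed input that rewrites the WHERE clause

// Unsafe form: the condition now matches every row, not only request 1.
var_dump(countSlotsUnsafe($db, $hostile));

// Hardened form: a real id is counted, the hostile string is rejected.
var_dump(countSlots($db, 1));
try {
    countSlots($db, $hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```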

SparrowDevPro commented 6 years ago

Thank you very much for ur fast reply. In fact I am working on a component which is not a production of mine but Juola from joomprod. And the guy does nothing right, for example there is any Models file. So hard to do something on that dirty code!!! I was trying to find a quick solution... but u are right, it is totally insecure! I will have to reorganise the entire code.

Thanks a lot again