Pre filter list from url variables

[mioda]

HI
i have a url like:

/index.php?option=com_fabrik&view=list&listid=9&lon=9.154846300000031&lat=45.3977976

field: distance
condition: greater than
value:

TRUNCATE( 6363 * sqrt( POW( RADIANS(lat<---??) - RADIANS( latitudine ) , 2 ) + POW( RADIANS(lon<---??
) - RADIANS( longitudine ) , 2 ) ) , 3 )

type: query


how can I put "lon" and "lat" in the value field?

Thanks

 

[cheesegrits]

You should just be able to use {lon} and {lat}.

But be aware that this is potentially dangerous, as it'll be using non-sanitized query string inputs in a query. So potentially someone could put something nasty like &lon=DROP TABLE #__users

DO THIS AT YOUR OWN RISK.

-- hugh

 

[mioda]

thanks, it works, but as you said it is dangerous....
The lon and lati data come from a search form.
how can I get them and use to filter the list safely?

 

[troester]

You can use the "eval" type for value:
use php code to get the params and sanitize, something like (I didn't test)
$lat = (float)'{lat}';
...
return "TRUNCATE( 6363 * sqrt( POW( RADIANS($lat)...";

 

[cheesegrits]

That'd probably work.

-- hugh

 

[mioda]

You can use the "eval" type for value:
use php code to get the params and sanitize, something like (I didn't test)
$lat = (float)'{lat}';

work fine!!!

I am using eval with this code...

$lat = (float)'{lat}';
$lon = (float)'{lon}';

$distanza =(((acos(sin(($lat*pi()/180)) * sin((latitudine*pi()/180))+cos(($lat*pi()/180)) * cos((latitudine*pi()/180)) * cos((($lon-longitudine)*pi()/180))))*180/pi())*60*1.1515*1.609344) ;

return $distanza ;

Now "longitudine" and "latitudine" from the table to be filtered do not work.
what should I use to insert them correctly?

 

[cheesegrits]

You can't use table fields in the PHP. The PHP shouldn't try and return a value, it has to return a valid MySQL clause to be used in the WHERE.

$lat=(float)'{lat}';
$lon=(float)'{lon}';

return "TRUNCATE( 6363 * sqrt( POW( RADIANS($lat) - RADIANS( latitudine ) , 2 ) + POW( RADIANS($lon
) - RADIANS( longitudine ) , 2 ) ) , 3 )";

-- hugh

 

[mioda]

$lat=(float)'{lat}';
$lon=(float)'{lon}';

return "TRUNCATE( 6363 * sqrt( POW( RADIANS($lat) - RADIANS( latitudine ) , 2 ) + POW( RADIANS($lon
) - RADIANS( longitudine ) , 2 ) ) , 3 )";

-- hugh[/QUOTE]
I tried but this does not work

 

[mioda]

I solved by adding php code in the mycustom template list

 

[cheesegrits]

That's really not the way to go, much better to figure out doing it the right way, in the query.

-- hugh

 

[mioda]

I tried all the ways but in the query using "eval" did not work

 

[cheesegrits]

I've used similar expressions like that before in eval'ed filters.

If I get a minute, I'll test it for you here.

-- hugh

 

[mioda]

friendly bump

 

[cheesegrits]

I haven't had a minute yet.

-- hugh