Shortcode sql_where and filter for WP Data Access

Also, do you have a tutorial site that shows complete mapping between SQL commands and Filter use-cases in Shortcodes?
The examples you provided on this page is nice, but it would be very helpful if you have complete mapping.
https://wpdataaccess.com/docs/documentation/shortcodes/shortcode-wpdataaccess/

Can we do something like this? It returns empty list, but the row does exist.
[wpdadiehard table_name=”USER” filter_field_name=”USER_ROLE,USER_EMAIL” filter_field_value=”Road Warrior,[email protected]”]

Thanks.

• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.

Hi Vasut,

I had to take out the sql_where parameter for security reasons. You should be able to use the new parameters filter_field_name and filter_field_value, but for some reason SVN does not update that file correctly. It is available in SVN but not in the download.

To solve this issue you can download this ZIP file:
https://drive.google.com/file/d/1PDKS4lcLpRPt6lOmexcsmgo0ywjs69uw/view?usp=sharing

It contains the correct version of WPDA_Data_Tables.php, which uses the filter parameters correctly. Can you please upload this file into the plugin sub directory:
wp-data-access\WPDataAccess\Data_Tables

Please let me know if this solves your problem. Sorry for the inconvenience!

Best regards,
Peter

Hi Peter,
Thank you for the quick clarification.
I’m using WP Data Access inside HostGator, which is only accessible through the GUI provided.
I went to Edit Plugin and selected WP Data Access, and went into the directory structure
wp-data-access\WPDataAccess\Data_Tables
I don’t see any button to upload the new file over the old file.
Should I do Select-All on the new file content and replace the old content with the new content and save the file back, just like that?

– Vasut

I backed up the old content to my local drive, and replaced it with the new content.
I deactivated the plugin and re-activated it.
Still not working.
Is there a left-over cache anywhere I need to refresh?

Thanks.

• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.

Further more, I tested by removing part of the code (the dependencies – use …) and refreshed the page. Sure enough, the page shows error of missing components. So, I put it back and the error was gone.
This means the effect from edit to page is immediate.

The fact that it’s still not working, could it mean that some dependency components also need to be updated with their new versions?

Thanks,
Vasut

Hi Vasut,

Can you use the plugin editor and change line 362 of file wp-data-access\WPDataAccess\Data_Tables\WPDA_Data_Tables.php from:
"{$filter_field_name_array[ $i ]}like %s ", [ $filter_field_value_array[ $i ] ]
to:
" where{$filter_field_name_array[ $i ]}like %s ", [ $filter_field_value_array[ $i ] ]

Thanks,
Peter

• This reply was modified 4 years, 8 months ago by Passionate Programmer Peter.

Hi Vasut,

I have finally been able to update the plugin on SVN. If you re-install the plugin it should work now. Make sure you disable the uninstall settings before you delete the plugin. Otherwise your publications and projects will be deleted. This is how you disable the uninstall settings:
– Go to Settings menu
– Sub menu WP Data Access
– Tab Uninstall
– Uncheck both checkboxes
– Save setting

Sorry for the inconvenience! Let me know if this works…

Best regards,
Peter

Hi Peter,
Now, it works, but for a single filter.
I’m testing a few use cases with multiple filtering and I have questions.
This is my table, named USER:

USER_ID        USER_ROLE               USER_PHONE1        USER_EMAIL
Data Soong     Cybernetic-Scientist    313.867.5309       [email protected]
Noonian Soong  Cybernetic Scientist                       [email protected]
Mad Max        Road Warrior            123-456-7890       [email protected]

Use Case 1:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_ROLE” filter_field_value=”Cybernetic Scientist”]
Returns: Noonian Soong
This is correct.

Use Case 2:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_ROLE” filter_field_value=”Cybernetic Scientist,Road Warrior”]
Returns: All rows
Maybe my filter params are incorrect?

Use Case 3:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_ROLE,USER_PHONE1″ filter_field_value=”Cybernetic-Scientist,123-456-7890″]
Returns: No matching records found
This result doesn’t look right. I followed this example:
[wpdataaccess pub_id=”6″ filter_field_name=”job,ename” filter_field_value=”president,ford”]

Do you have a tutorial/reference page summarizing the AND, OR, NOT, IN and all other SQL operations and examples how to use them in Filters?
The concept of filter is new to us, and we need extensive comparison/use cases to get us up to speed in transitioning from the SQL Where clause to Filter parameters.

Another question:
How are other sites already in production impacted by the transition from sql_where to Filters, requiring a major change in Shortcode? They’d normally have trmendous amount of data and pages. The fact that my POC using sql_where suddenly stopped working suggests that the change is not backward compatible with the existing sql_where in the Shortcode.

Thanks,
Vasut

• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.

Hi Vasut,

Parameters filter_field_name and filter_field_value can be used to add multiple search conditions. Your example:
[wpdataaccess pub_id="1" filter_field_name="USER_ROLE,USER_PHONE1" filter_field_value="Cybernetic-Scientist,123-456-7890]

Adds:
USER_ROLE = 'Cybernetic-Scientist' and USER_PHONE1 = '123-456-7890'

In general:
filter_field_name1 = filter_field_value1 and filter_field_name1 = filter_field_value1 amd filter_field_name..N = filter_field_value..N

Where N represents the position in the comma seperated value list. If the number of conditions of filter_field_name does not match the number of conditions of filter_field_value, the filter is invalid and cannot be used. This will show all rows.

AND, OR, NOT, IN operators cannot be used with this filter. The default WHERE clause of your publication allows to add these kind of conditions. Can you use the default WHERE clause? If not, why not? Can you provide some details so I understand your requirements? Maybe we can find another solution together?

Current status of the update: I had a few questions from other users. So far, they have been able to either update to the new filter parameters or use the default where clause of their publication.Not all plugin users might not have noticed the update yet…

Sorry your’re running into this issue. Please let me know how I can help you in the best possible way…

Best regards,
Peter

Thank you, Peter. Your dedication to help all of us is already greatly appreciated.
It’s very good to work with a professional like you. Kudos!

The explanation you’ve detailed clarifies why the example results in ‘No matching records found’. This is because it’s an AND operation. Sorry, my bad. I assumed ‘,’ was an OR operation, and it didn’t occur to me. ??

So, how do we build the filters for OR operator?
I tried to guess the syntax and found interesting results.

[wpdataaccess pub_id="1" filter_field_name="USER_ROLE" filter_field_value="Cybernetic Scientist" filter_field_name="USER_PHONE1" filter_field_value="313.867.5309"]
Result: One row

USER_ID        USER_ROLE               USER_PHONE1        USER_EMAIL
Data Soong     Cybernetic-Scientist    313.867.5309       [email protected]

When I re-ordered the pairs and put USER_PHONE1 pair first:
[wpdataaccess pub_id="1" filter_field_name="USER_PHONE1" filter_field_value="313.867.5309" filter_field_name="USER_ROLE"?filter_field_value="Cybernetic Scientist"]
Result: Two rows

USER_ID        USER_ROLE               USER_PHONE1        USER_EMAIL
Data Soong     Cybernetic-Scientist    313.867.5309       [email protected]
Noonian Soong  Cybernetic Scientist                       [email protected]

• This reply was modified 4 years, 8 months ago by vasut.

Hi Vasut,

It looks like the tag loaded last will take precedence in case of a duplicate tag. This is not gonna help you to build an other conditions. The only way to add a safe filter to support more conditions is to add more parameters I guess.

Do you have any suggestions? What are your requirements? If you prefer to send them in private you can use the contectform on the website.

Best regards,
Peter

Hi Peter,
The project we’re working on is an inverntory system. It’ll be heavy on its ability to produce reports on the inventory of the items in different aspects that the client wants.
So, all the SQL WHERE operators would be in use to leverage the search into the database.

This means AND, OR, their combinations, nested clauses, IN, LIKE, all of that would be used.

Currently, you have comma (‘,’) as AND. But, this takes away the character ‘,’ that may appear in the content. For example, in the database, if I capture multiple roles like ‘CEO, CTO’, I may have to wrap it under a single quote to segregate it from the AND operator.

How would we do an OR operator? Instead of ‘,’ what separator can we use for OR?
What about the IN and LIKE operators?

Proposal

Would it work if something like this is interpretable:
Allowing the ‘OR’ and ‘AND’ operator between any two conditional name-value pairs.
While this resembles WHERE clause, it’ll enhance the flexibility in the clause by segregating the operator from within the name-value parameters themselves.

Example:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_PHONE1″ filter_field_value=”313.867.5309″ OR filter_field_name=”USER_ROLE” filter_field_value=”Cybernetic Scientist”]

This could be for the IN operator:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_ROLE” filter_field_value IN “CEO,CTO”]

This could be for the LIKE operator:
[wpdataaccess pub_id=”1″ filter_field_name=”USER_ROLE” filter_field_value LIKE “Cybernetic%”]

What do you think?

Thanks,
Vasut

• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.

Hi Vasut,

Thank you for your explanation! Now I understand why this is important for you.

I understand your examples, but I’m afraid we wont be able to use those arguments in a shortcode.

Is there a list of conditions (where clauses) the user can select from? Or is it generated on the fly? Or another way…? Would it be possible to store the condition (for example in options or usermeta) and then use it in the shortcdode?

If we can create a where clause that is not editable by the user, you add use just any where clause to a publication. That would be a safe way. We just need to make sure it is not vulnerable to sql injection.

What is your time frame? When do you need this to go live?

Thanks,
Peter

Hi Peter,
Time frame is not very tight. Client understands that WordPress and plugins, Shortcode and PHP, these goodies are all new to us.
We’re at the state of working on a demo-able POC for them. While we have time to wiggle, it should be reasonable. We should not take like a year long, just to show them something appealing, or they might go to someone else. ??

For POC, we’re planning to allow a user to select a report from a list of static links, e.g.:
Reports
1. Team Members (Name, Phone, Email, Availability, …)
2. Items report (Item Desc, car Make-Model, Qty Ordered, Qty Used, Qty Damaged, Qty In-Stock)
3. …

Since Shortcode is embedded in the PHP page, I guess it’s vulnerable to SQL Injection. But, I’m still not clear about that. Filter params would also expose column names as would sql_where clause. My knowledge in that topic is quite limited.

Some examples of usage could be to search for a section of members like these:

1.
[wpdataaccess table=”USER” sql_where=”USER_ROLE IN (‘Cybernetic Scientist’,’CTO’)

2.
[wpdataaccess table=”USER” sql_where=”USER_ROLE=’Cybernetic Scientist’ OR USER_ROLE LIKE (‘%CTO%’) OR USER_PHONE1 LIKE ‘%daystrom-institute%'”]

How would these two clauses be translated into Filter parameterized Shortcodes? If they can, then we would’ve jumped over a major hurdle in our challenges.

Thanks,
Vasut

• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.
• This reply was modified 4 years, 8 months ago by vasut.

Hi Vasut,

I don’t see your post here, but I read it in my mail…

If the number of reports is limited, would it be an idea to create multiple publications and add you conditions there? That is the safest way to do it. And the simplest! Your shortcodes would look like this:
[wpdataaccess pub_id="7"]

Regarding the sql injection, the sql_where cannot be prepared. Seperate filter arguments can. That’s why I took out the sql_where.

Let’s think about it… We’ll find a way! Maybe you can drop a private mail through the plugin contactform and we’ll discuss this topic further in private?

Best regards,
Peter