1

我在我的控制器中创建了 sqlDataProvider 及其工作。我的问题是我不知道如何提供搜索字段,因为我没有使用搜索模型。

这是我的控制器中的代码

public function actionAnalisa()
{
    $sql =  "SELECT 
            tbl_permohonan.permohonan_id As permohonan_id, 
            user.id As id, 
            tbl_moderator.bm_id As bm_id, 
            tbl_bhgnmod.unit_kampuscawangan As unit_kampuscawangan, 
            tbl_bahagian.bahagian_nama As bahagian_nama, 
            tbl_unit.unit_nama As unit_nama

            FROM tbl_permohonan

            INNER JOIN user 
            ON tbl_permohonan.user_id=user.id

            INNER JOIN tbl_moderator 
            ON user.id=tbl_moderator.user_id

            INNER JOIN tbl_bhgnmod 
            ON tbl_moderator.bm_id=tbl_bhgnmod.bm_id

            INNER JOIN tbl_bahagian
            ON tbl_bhgnmod.bahagian_id=tbl_bahagian.bahagian_id

            INNER JOIN tbl_unit 
            ON tbl_bhgnmod.unit_id=tbl_unit.unit_id";

    $dataProvider = new SqlDataProvider([
                'sql' => $sql,
                ]);

    return $this->render('analisis', [
        // 'searchModel' => $searchModel,
        'dataProvider' => $dataProvider,
    ]);
}

这是我的看法

<?= GridView::widget([
           'dataProvider' => $dataProvider,
           'columns' => [
               ['class' => 'yii\grid\SerialColumn'],

               'permohonan_id',
               'id',
               'bm_id',
               'unit_kampuscawangan',
               'bahagian_nama',
               'unit_nama',
               //~ ['class' => 'yii\grid\ActionColumn'],
           ],
       ]); ?>
4

1 回答 1

4

我建议不要使用原始 SQL,尤其是在寻求提供搜索字段时,因为这会在应用程序中提供潜在的漏洞,并使其面临 SQL 注入攻击的可能性。相反,我会鼓励使用 Yiis 查询构建器或 DAO,如此处所述

话虽如此,我已经使用 Yiis 内置的查询生成器重写了您的代码。

public function actionAnalisa()
{
    // store any $_GET parameters passed for filtering via GridView
    $params = Yii::$app->request->queryParams;

    // use query builder instead of raw SQL to avoid SQL injection attacks
    $query = (new Query())
        ->select([
            'permohonan_id' => 'tbl_permohonan.permohonan_id',
            'id' => 'user.id',
            'bm_id' => 'tbl_moderator.bm_id',
            'unit_kampuscawangan' => 'tbl_bhgnmod.unit_kampuscawangan',
            'bahagian_nama' => 'tbl_bahagian.bahagian_nama',
            'unit_nama' => 'tbl_unit.unit_nama'
        ])
        ->from('tbl_permohonan')
        ->join('INNER JOIN', 'user', 'tbl_permohonan.user_id=user.id')
        ->join('INNER JOIN', 'tbl_moderator', 'user.id=tbl_moderator.user_id')
        ->join('INNER JOIN', 'tbl_bhgnmod', 'tbl_moderator.bm_id=tbl_bhgnmod.bm_id')
        ->join('INNER JOIN', 'tbl_bahagian', 'tbl_bhgnmod.bahagian_id=tbl_bahagian.bahagian_id')
        ->join('INNER JOIN', 'tbl_unit', 'tbl_bhgnmod.unit_id=tbl_unit.unit_id');

    // Adds additional WHERE conditions to the existing query but ignores empty operands
    $query->andFilterWhere(['like', 'tbl_permohonan.permohonan_id', $params['pid']])
          ->andFilterWhere(['like', 'user.id', $params['id']])
          ->andFilterWhere(['like', 'tbl_moderator.bm_id', $params['bm_id']])
          ->andFilterWhere(['like', 'tbl_bhgnmod.unit_kampuscawangan', $params['unitk']])
          ->andFilterWhere(['like', 'tbl_bahagian.bahagian_nama', $params['banama']])
          ->andFilterWhere(['like', 'tbl_unit.unit_nama', $params['unnama']]);

    // an ActiveDataProvider will accept a Query object instead of raw SQL
    $dataProvider = new ActiveDataProvider([
        'query' => $query,
    ]);

    return $this->render('analisis', [
        'dataProvider' => $dataProvider,
    ]);
}

请记住,您必须将以下内容添加到控制器文件的顶部。

use yii\data\ActiveDataProvider;
use yii\db\Query;

为了在视图文件的 GridView 中呈现搜索字段,您必须指定一个 filterModel,如此处所述

GridView 中的列允许您指定过滤器属性,该属性将使用该属性指定的 HTML 在列顶部呈现过滤器单元格。这些过滤器通过 GET 自动提交到同一页面,这就是为什么它们在控制器中使用此 GridView 中指定的名称进行处理。

<?
use yii\helpers\Html;
use yii\grid\GridView;
?>

<?= GridView::widget([
    'dataProvider' => $dataProvider,
    // filterModel must be set to render filter cells within GridView
    'filterModel' => true,
    'columns' => [
        ['class' => 'yii\grid\SerialColumn'],
        [
            // specify attribute to display
            'attribute' => 'permohonan_id',
            // filter attribute accepts HTML to render
            // in this case an input field of type string, with a name of 'pid'
            'filter' => Html::input('string', 'pid')
        ],
        [
            'attribute' => 'id',
            'filter' => Html::input('string', 'id')
        ],
        [
            'attribute' => 'bm_id',
            'filter' => Html::input('string', 'bmid')
        ],
        [
            'attribute' => 'unit_kampuscawangan',
            'filter' => Html::input('string', 'unitk')
        ],
        [
            'attribute' => 'bahagian_nama',
            'filter' => Html::input('string', 'banama')
        ],
        [
            'attribute' => 'unit_nama',
            'filter' => Html::input('string', 'unnama')
        ],
    ],
]); ?>
于 2016-06-21T10:32:21.900 回答