I have a very simple visualforce page and linking controller that will fetch records from a custom object. In this custom object there is a category field which I would like to filter against in the page, I would like to do this via URL parameters (unless someone else has a better idea).
i.e. eu1.salesforce.com/12345678/apex/MyNewsPage?cat=internal
If no parameter is passed then all categories should be shown as it currently does.
EDIT:
I would also like to know whether any sanitization needs to be done incase of SQL injections or if the parameter is manipulated (All real parameters will be displayed as links)
The following code is what I currently have for my MyNewsPage
Visualforce page:
<apex:page controller="NewsController">
You are looking at all News <br/>
<apex:dataTable value="{!newsitems}" var="article" id="theTable" rowClasses="odd,even"
styleClass="tableClass" columnClasses="col-img, col-title, col-date, col-link">
<apex:column >
<apex:outputText rendered="{!IF(article.Attachments.size > 0, TRUE, FALSE)}">
<apex:image url="{!URLFOR($Action.Attachment.Download, article.Attachments[0].Id)}" width="75" height="75"></apex:image>
</apex:outputText>
</apex:column>
<apex:column >
<apex:facet name="header">Article</apex:facet>
<apex:outputLink styleClass="article-header block" value="/{!article.id}">{!article.Title__c}</apex:outputLink>
<apex:outputText styleClass="date block" value="Published: {0,date,dd'/'MM'/'yyyy}">
<apex:param value="{!article.Publish_Date__c}" />
</apex:outputText>
<div class="postC">
<apex:outputText value="{!left(article.Content__c,300)}"/>
</div>
<apex:outputLink styleClass="block" value="/{!article.id}">Read More ></apex:outputLink>
</apex:column>
</apex:dataTable>
…
Controller extension:
public with sharing class NewsController{
public NewsController (){
CountTotalRecords= [SELECT COUNT() FROM News__c];
}
public Integer CountTotalRecords{get;set;}
public String QueryString {get;set;}
public Integer OffsetSize = 0;
private Integer QueryLimit = 20;
public string excerpt;
public list<News__c> lstItem {get;set;}
public map<id,string> newsmap{get;set;}
public list<News__c> getNewsItems(){
lstItem = new list<News__c>();
lstItem = [SELECT Id, Name, Title__C, Content__c, Publish_Date__c,
(Select Id, Name, LastModifiedDate
From Attachments
Order By LastModifiedDate DESC)
FROM News__c ORDER BY Publish_Date__c DESC, Name DESC LIMIT :QueryLimit OFFSET :OffsetSize];
return lstItem;
}
…
(The extra variables are used for pagination)
Best Answer
Not sure if this is what you're after but you can get the current page 'cat' parameter and build a dynamic SOQL query: