[SalesForce] Conditional parameter to change visualforce page and controller SQL

I have a very simple visualforce page and linking controller that will fetch records from a custom object. In this custom object there is a category field which I would like to filter against in the page, I would like to do this via URL parameters (unless someone else has a better idea).

i.e. eu1.salesforce.com/12345678/apex/MyNewsPage?cat=internal
If no parameter is passed then all categories should be shown as it currently does.

EDIT:
I would also like to know whether any sanitization needs to be done in case of SQL injections or if the parameter is manipulated (All real parameters will be displayed as links)

The following code is what I currently have for my MyNewsPage

Visualforce page:

<apex:page controller="NewsController">
You are looking at all News <br/>

    <apex:dataTable value="{!newsitems}" var="article" id="theTable" rowClasses="odd,even"
                    styleClass="tableClass" columnClasses="col-img, col-title, col-date, col-link">
        <apex:column>
            <!-- Thumbnail: only rendered when the article has at least one attachment -->
            <apex:outputText rendered="{!IF(article.Attachments.size > 0, TRUE, FALSE)}">
                <apex:image url="{!URLFOR($Action.Attachment.Download, article.Attachments[0].Id)}" width="75" height="75"></apex:image>
            </apex:outputText>
        </apex:column>
        <apex:column>
            <apex:facet name="header">Article</apex:facet>

            <apex:outputLink styleClass="article-header block" value="/{!article.id}">{!article.Title__c}</apex:outputLink>
            <apex:outputText styleClass="date block" value="Published: {0,date,dd'/'MM'/'yyyy}">
                <apex:param value="{!article.Publish_Date__c}" />
            </apex:outputText>

            <div class="postC">
                <apex:outputText value="{!left(article.Content__c,300)}"/>
            </div>

            <apex:outputLink styleClass="block" value="/{!article.id}">Read More ></apex:outputLink>
        </apex:column>
    </apex:dataTable>
</apex:page>

Controller extension:

public with sharing class NewsController {

    public NewsController() {
        CountTotalRecords = [SELECT COUNT() FROM News__c];
    }

    // Used for pagination
    public Integer CountTotalRecords { get; set; }
    public String QueryString { get; set; }
    public Integer OffsetSize = 0;
    private Integer QueryLimit = 20;

    public String excerpt;
    public List<News__c> lstItem { get; set; }
    public Map<Id, String> newsmap { get; set; }

    // Bound by the page as {!newsitems}; returns one page of articles,
    // each with its attachments (newest first) for the thumbnail column
    public List<News__c> getNewsItems() {
        lstItem = new List<News__c>();
        lstItem = [SELECT Id, Name, Title__c, Content__c, Publish_Date__c,
                       (SELECT Id, Name, LastModifiedDate
                        FROM Attachments
                        ORDER BY LastModifiedDate DESC)
                   FROM News__c
                   ORDER BY Publish_Date__c DESC, Name DESC
                   LIMIT :QueryLimit OFFSET :OffsetSize];
        return lstItem;
    }
}

(The extra variables are used for pagination)

Best Answer

Not sure if this is what you're after but you can get the current page 'cat' parameter and build a dynamic SOQL query:

public List<News__c> getNewsItems() {
    lstItem = new List<News__c>();

    // null when the 'cat' URL parameter is absent
    String category = ApexPages.currentPage().getParameters().get('cat');
    String query = 'SELECT Id, Name, Title__c, Content__c, Publish_Date__c, ';
    query += '(SELECT Id, Name, LastModifiedDate FROM Attachments ORDER BY LastModifiedDate DESC) ';
    query += 'FROM News__c ';

    if (category != null)
    {
        // :category is a bind variable, so the parameter value is never parsed as SOQL
        query += 'WHERE Category__c = :category ';
    }

    query += 'ORDER BY Publish_Date__c DESC, Name DESC LIMIT :QueryLimit OFFSET :OffsetSize';

    lstItem = Database.query(query);
    return lstItem;
}
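As an added example that is not part of the answer above, this addresses the question's EDIT: the `cat` parameter is checked against the field's own picklist values before use, the bind variable is kept, and the unsafe string-splicing pattern is shown only in a comment for contrast. It assumes Category__c is a picklist on News__c; `resolveCategory` and `allowedCategories` are helper names introduced here.

```apex
public with sharing class NewsController {
    private Integer queryLimit = 20;
    private Integer offsetSize = 0;

    // Assumption: Category__c is a picklist. Its active values form the
    // allowlist that any URL-supplied category must match.
    private static Set<String> allowedCategories() {
        Set<String> values = new Set<String>();
        for (Schema.PicklistEntry e :
                 News__c.Category__c.getDescribe().getPicklistValues()) {
            if (e.isActive()) values.add(e.getValue());
        }
        return values;
    }

    // Returns the validated category, or null (meaning "show all") when the
    // parameter is missing, blank, or not one of the known picklist values.
    @TestVisible
    private static String resolveCategory(String rawCat) {
        if (String.isBlank(rawCat)) return null;
        return allowedCategories().contains(rawCat) ? rawCat : null;
    }

    public List<News__c> getNewsItems() {
        String category = resolveCategory(
            ApexPages.currentPage().getParameters().get('cat'));

        // UNSAFE pattern (shown only for contrast): splicing the raw
        // parameter into the query text lets a crafted value change the
        // WHERE clause instead of being treated as data.
        //   query += 'WHERE Category__c = \'' + rawCat + '\' ';

        // SAFE pattern: a bind variable is handed to the query engine
        // separately from the query text, so it is never parsed as SOQL.
        String query = 'SELECT Id, Name, Title__c, Content__c, Publish_Date__c, '
            + '(SELECT Id, Name, LastModifiedDate FROM Attachments '
            + 'ORDER BY LastModifiedDate DESC) FROM News__c ';
        if (category != null) {
            query += 'WHERE Category__c = :category ';
        }
        query += 'ORDER BY Publish_Date__c DESC, Name DESC '
            + 'LIMIT :queryLimit OFFSET :offsetSize';
        return Database.query(query);
    }
}
```

Because the class is `with sharing`, record-level visibility still applies to whatever the query returns; the allowlist check only decides which filter, if any, is added.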