5709: Add special query field - Composr CMS feature tracker

ID	Project	Category	View Status	Date Submitted	Last Update

5709	Composr	core_fields	public	2024-04-19 22:21	2024-04-19 22:22

Reporter	PDStig	Assigned To	Guest
Priority	high	Severity	feature
Status	new	Resolution	open

Summary	5709: Add special query field
Description	Add a field that accepts a parameterised SQL query string as the default value and then renders the appropriate value being selected from the first row returned. The query string should allow Tempcode symbols like {$MEMBER} as well as the titles of other fields in the catalogue like {First Name} (which would compile to the value of said field on the same entry). Can also accept field IDs in the format {FIELD_#}. Also will need {TABLE_PREFIX} or something. Behind the scenes, Composr would strip out the pseudo-Tempcode symbols, replace them with the correct syntax for the parameterised function, evaluate the values, and pass in the values as the parameters. e.g. "SELECT username FROM {TABLE_PREFIX}f_members WHERE id={$MEMBER}" would, behind-the-scenes, become "SELECT username FROM cms_f_members WHERE id={1}", and the value of {$MEMBER} passed in as the first parameter into the parameterised function. The field itself would be read-only, so it cannot be defined when adding an entry, only when adding the field itself to a catalogue. Should probably be very specific, e.g. don't allow specifying full SQL syntax (force SELECT, require a specific column to select, force LIMIT 1, disallow anything that would be insecure) --- Although ideally we wouldn't use SQL at all, perhaps some form of filtercode / selectcode instead. SQL would not be secure, though generally only trusted staff would be able to add and edit catalogues anyway which is the only way to specify that. --- This type of field would have to operate async so that it can grab the values of any other field (except fields of its own type or other async fields) if requested in the syntax.
Additional Information	This would be a great way to enable display of dynamic values from the database which may depend on things like the logged in user, or what was input in other fields within the same entry.
Tags	Roadmap: Sponsorship
Attach Tags	(Separate by ",")

Time estimation (hours)
Sponsorship open

Date Added	Member	Amount Sponsored

View Status	Private (for security issues or disclosing of private information; if you submit as a guest, you will not be able to see your submission)
Note
Upload Files Maximum size: 32,768 KiB	Attach files by dragging & dropping, selecting or pasting them.
You are not logged in	You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Date Modified	Username	Field	Change
2024-04-19 22:21	PDStig	Tag Attached: Roadmap: Sponsorship
2024-04-19 22:22	PDStig	Description Updated