Universal Search Filter Syntax

From Dolibarr ERP CRM Wiki
Jump to navigation Jump to search

The Universal Search Filter (also mentioned as USF) is the technical syntax, provided to developers, to define a filter in Dolibarr ERP CRM application.

When to use the USF

It is used by developers to:

  • build rules to filter some combo list, defined when creating a new object or property (into the property ->fields of an object class file)
  • build condition for some properties of extrafields (set into the page to edit extrafields).
  • to provide filters to some functions and methods into Dolibarr internal code.
  • to provide filters to some Ajax components.
  • to define filters on some requests on APIs.
  • to propagate securely filters in some tools, for example in the customreport.php tools.

Why to use the USF

The USF syntax has been introduced for two main reason:

  • To provide a secured way to propagate a filter from a component to another one, with no risk of injections.
  • To provide a generic solution to define a filter that follows structured rules making possible to convert it easily and programmaticaly into the expected language, whatever is this language (most often in SQL but also in PHP or Javascript).

Syntax of USF

A simple test in USF syntax is forged this way: Open parenthesis, then the first operand that is the field, then :, then the operator, then :, then the second operand that is the value, then the closing parenthesis.

  • The first operator allows only the following characters: a to z, 0 to 9, _, - and .
  • The operator can be: =, <, >, <=, >=, !=, in, notin, like, notlike, is, isnot (and nothing else).
  • If the value is a string, you must add simple quotes. If value is a date, it must use the international format (YYYY-MM-DD or YYYY-MM-DD HH:MM:SS) in the timezone of the server and be quoted too.

When using the in or notin operator, the character "," must be used to separate each possible value, the character "," can't be used inside the value. When using the operator "is" or "isnot", the only allowed value is "null".

Then, you can combine any simple test using parenthesis and OR or AND to forge combined tests.

Example of simple tests:

(t.mydatefield:>:'2024-01-01 10:00:00')

Example of combined tests:

((myfield:=:'mystringvalue') OR (myfield:>=:myintorfloatvalue))
((myfield:=:'mystringvalue') OR ((myfield:>=:myintorfloatvalue) AND (myfield:>:'2024-01-01 10:00:00')))

Convert USF in SQL

Dolibarr provide a method to validate, and convert an USF into a sanitized SQL string:

$errorstring = '';
$sqlcode = forgeSQLFromUniversalSearchCriteria('string_with_usf_syntax', $errorstring)

If the USF has a wrong syntax, the function will return the error into the $errorstring variable.