Store
Only variables that are known in a specified store can be substituted.
Name |
Description |
Content |
|---|---|---|
A |
Store: ACCESS - A: Not yet implemented. Planned for get access privileges |
|
B |
Store: BEFORE - B: Record - the current record loaded in the form before any update. |
All columns of the current record from the current table. See Store: BEFORE - B. |
C |
Store: CLIENT - C: POST variable, if not found: GET variable. |
Parameter sent from the Client (=Browser). See Store: CLIENT - C. |
D |
Default values column : The table.column specified default value. |
|
E |
Empty - always an empty string, might be helpful if a variable is empty or undefined and will be used in an SQL statement. |
Any key |
F |
Store: FORM - F: data not saved in database yet. |
All native FormElements. Recent values from the Browser. See: Store: FORM - F |
L |
Store: LDAP - L: Will be filled on demand during processing of a FormElement. |
Custom specified list of LDAP attributes. See Store: LDAP - L. |
M |
Column type: The table.column specified type. |
|
P |
Parent record. E.g.: on multi & copy forms the current record of the outer query. |
All columns of the MultiSQL Statement from the table for the current row |
R |
Store: RECORD - R: Record - the current record loaded in the form. |
All columns of the current record from the current table. See Store: RECORD - R. |
S |
Store: SIP - S: Client parameter ‘s’ will indicate the current SIP, which will be loaded from the SESSION repo to the SIP-Store. |
sip, r (recordId), form. See Store: SIP - S. |
T |
Store: TYPO3 (Bodytext) - T: a) Bodytext (ttcontent record), b) Typo3 internal variables. |
See Typo3 tt_content record configuration. See STORE_TYPO3. |
U |
Store: USER - U: Valid as long as the browser session lives and the user is logged in. Purged on user log out. Values saved on one page, are available on other pages. |
|
V |
Store: VARS - V: Generic variables. |
See Store: VARS - V. |
W |
|
|
Y |
Store: SYSTEM - Y: a) Database, b) helper vars for logging/debugging: SYSTEM_SQL_RAW … SYSTEM_FORM_ELEMENT_COLUMN, c) Any custom fields: CONTACT, HELP, … |
See Store: SYSTEM - Y. |
0 |
Zero - always value: 0, might be helpful if a variable is empty or undefined and will be used in an SQL statement. |
Any key |
Default <prio>: FSRVD - Form / SIP / Record / Vars / Table definition.
Hint: Preferable, parameter should be submitted by SIP, not by Client (=URL).
Warning: Data submitted via ‘Client’ can be easily spoofed and altered.
Best: Data submitted via SIP never leaves the server, cannot be spoofed or altered by the user.
SIPs can _only_ be defined by using Report. Inside of Report use columns ‘Link’ (with attribute ‘s’), ‘page?’ or ‘Page?’.
Store: FORM - F
Sanitized: yes
Represents the values in the form, typically before saving them.
Used for:
FormElements which will be rerendered, after a parent FormElement has been changed by the user.
FormElement actions, before saving the form.
Values will be sanitized by the class configured in corresponding the FormElement. By default, the sanitize class is alnumx.
Name |
Explanation |
|---|---|
<FormElement name> |
Name of native FormElement. To get, exactly and only, the specified FormElement (for ‘pId’): |
Store: SIP - S
Sanitized: no
Filled automatically by creating links. E.g.:
in Report by using
_page*or_link(with active ‘s’)in Form by using subrecords: new, edit, delete links (system) or by column type
_page*,_link.
Name |
Explanation |
|---|---|
sip |
13 char uniqid |
r |
current record id |
form |
current form name |
table |
current table name |
urlparam |
all non Typo3 parameter in one string |
<user defined> |
additional user defined link parameter |
Store: RECORD - R
Sanitized: no
Form: Current record.
Report: See Access column values
If r=0, all values are empty.
Values can be set in report via
SELECT 'value' AS '_<var name>:R'
Name |
Type | Explanation |
|
|---|---|---|
<column name> |
Form |
Name of a column of the primary table (as defined in the current form). Example: |
<column name> |
Report |
Name of a column of a previous fired SQL query. Example: |
&<column name> |
Report (final) |
Name of a column of a previous fired SQL query, typically used by columns with a Special column names.
Final value. Example: |
Store: BEFORE - B
Sanitized: no
Current record loaded in Form without any modification.
If r=0, all values are empty.
This store is handy to compare new and old values of a form.
Name |
Explanation |
|---|---|
<column name> |
Name of a column of the primary table (as defined in the current form). To get, exactly and only, the specified form FormElement: |
Store: CLIENT - C
Sanitized: yes
Length of variable content is limited to 50 chars by default. Check SECURITY_GET_MAX_LENGTH if more is needed.
Name |
Explanation |
|---|---|
<custom variable name> |
Custom defined parameter in URL after ? argument. Max content length is 50 chars. Check SECURITY_GET_MAX_LENGTH if more is needed. |
s |
=SIP |
r |
record id. Only if specified as GET parameter - typically stored in SIP (=STORE_SIP) |
form |
Name of form to load. Only if specified as GET parameter - typically stored in SIP (=STORE_SIP) |
HTTP_HOST |
current HTTP HOST |
REMOTE_ADDR |
Client IP address |
cookieQfq |
QFQ Browser Cookie (=Session) |
All HTTP Header variables |
SERVER_ADDR, SERVER_NAME, SERVER_SOFTWARE,SERVER_PROTOCOL, REQUEST_METHOD, REQUEST_TIME, REQUEST_TIME_FLOAT, QUERY_STRING, DOCUMENT_ROOT, HTTP_ACCEPT, HTTP_ACCEPT_CHARSET, HTTP_ACCEPT_ENCODING, HTTP_ACCEPT_LANGUAGE, HTTP_CONNECTION, HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, HTTPS, REMOTE_ADDR, REMOTE_HOST, REMOTE_PORT, REMOTE_USER, REDIRECT_REMOTE_USER, SCRIPT_FILENAME, SERVER_ADMIN, SERVER_PORT, SERVER_SIGNATURE, PATH_TRANSLATED, SCRIPT_NAME, REQUEST_URI, PHP_AUTH_DIGEST, PHP_AUTH_USER, PHP_AUTH_PW, AUTH_TYPE, PATH_INFO, ORIG_PATH_INFO |
Authorization |
Value of the HTTP Header ‘Authorization’. This is typically not set. Mostly used for authentication of REST requests |
X-Api-Key |
Value of the HTTP Header ‘X-Api-Key’. This is typically not set. |
Tip
Variable names are case sensitive.
Store: TYPO3 (Bodytext) - T
Sanitized: no
Name |
Explanation |
API |
|---|---|---|
form |
Formname defined in ttcontent record bodytext
* Fix. E.g. form = person
* via SIP. E.g.
form = {{form:SE}} |
no |
pageId |
Record id of current Typo3 page |
no |
pageAbstract |
Abstract of current Typo3 page |
no |
pageAlias (DEPRECATED) |
Alias of current Typo3 page. If empty, take pageId. |
no |
pageSlug |
Slug of current Typo3 page. |
no |
pageDescription |
Description of current Typo3 page |
no |
pageKeywords |
Keywords of current Typo3 page |
no |
pageLanguage |
Current selected page language (typically URL parameter ‘L’) |
no |
pageNavTitle |
Alternative navigation title of current Typo3 page |
no |
pageTitle |
Title of current Typo3 page |
no |
pageType |
Current selected page type (typically URL parameter ‘type’) |
no |
ttcontentSubheader |
Subheader of the current ttcontent record |
no |
ttcontentUid |
Record id of current Typo3 content element |
no |
feUser |
Logged in Typo3 FE User |
yes |
feUserEmail |
Email of logged in Typo3 FE User (if given in T3) |
no |
feUserGroup |
FE groups of logged in Typo3 FE User |
yes |
feUserUid |
Logged in Typo3 FE User uid |
yes |
beUser |
Logged in Typo3 BE User |
yes |
beUserUid |
T3 Uid of logged in Typo3 BE User |
no |
beUserEmail |
Email of logged in Typo3 BE User (if given in T3) |
no |
beUserLoggedIn |
‘yes’ | ‘no’ - Status if a BE-User is logged in |
yes |
t3version |
Current T3 version |
no |
oidcResourceId |
OIDC frontend: the id of the last accessed resource |
no |
oidcProvider |
OIDC frontend: the identifier of the identity provider |
no |
oidcSub |
OIDC frontend: sub claim of the resource |
no |
oidcEmail |
OIDC frontend: email claim of the resource |
no |
oidcEmailVerified |
OIDC frontend: email_verified claim or null if not present |
no |
oidcGivenName |
OIDC frontend: given_name claim of the resource |
no |
oidcFamilyName |
OIDC frontend: family_name claim of the resource |
no |
API: available:
in Dynamic Update or
by FormElement class ‘action’ with type ‘beforeSave’, ‘afterSave’, ‘beforeDelete’, ‘afterDelete’.
oidc… Variables
Only available if the T3 oidc_client extension is installed.
Store: VARS - V
Sanitized: no
The store contains
automatically filled QFQ values and
optional custom values.
Values can be set in report via
SELECT 'value' AS '<var name>:V'F|FE.parameter.fillStoreVar = ...
QFQ values
Name |
Scope |
Explanation |
|---|---|---|
random |
Always |
Random string with length of 32 alphanum chars (lower & upper case). See {{random:V}}. |
slaveId |
FE any |
|
allRequiredGiven |
Form |
Form save - Set during check of all required FE. If every required FE is given: 1. Else: 0. If there is no required FE: 1.
Even with |
filename |
FE upload |
Original filename of an uploaded file via an ‘upload’-FormElement. Valid only during processing of the current ‘upload’-formElement. |
filenameUnique |
FE upload |
Used in |
filenameOnly |
FE upload |
Like filename, but without path. |
filenameBase |
FE upload |
Like filename, but without an optional extension. E.g. filename=’image.png’ comes to filenameBase=’image’ |
filenameExt |
FE upload |
Like filename, but only the optional extension. E.g. filename=’image.png’ comes to filenameExt=’png’ |
fileDestination |
FE upload |
Destination (path & filename) for an uploaded file. Defined in an ‘upload’-FormElement.parameter. Valid: same as ‘filename’. |
fileSize |
FE upload |
Size of the uploaded file. |
mimeType |
FE upload |
Mime type of the uploaded file. |
indexData |
Form / Report |
By default value of Settings > Extenions > QFQ > Database > indexData. |
{{filenameUnique:V}}
Uniqeness: A typical situation is to upload files by user to a dedicated directory. The user expects that it is possible to upload several files, even with the same filename, without problems. On download, the user expects also that the downloaded file is saved under the same, original, filename.
Obfuscation: Even a filename might contain sensitive data like <cv>-<firstname>_<lastname>.pdf. In case of an unwished
publication (a hacked server) or thievery, it is a security improvement to save a file with an obfuscated filename
(not a human understandable filename).
In STORE_VARS the variable {{filename:V}} contains the original filename and can be used in
FE.parameter.fileDestination = fileadmin/{{filename:V}} to specify a target upload folder and filename.
The variable {{filenameUnique:V}} is the original filename, base64 encoded, and added with an index in case of already
existing filename. During download, QFQ recognizes the special filename encoding and decode it. The user won’t notice
the encoding.
{{random:V}}
Random string with length of 32 alphanum chars (lower & upper case).
The variable
{{random:V}}is always filled.Hint: QFQ variables will be replaced before a SQL statement is fired.
Each access gives a new value.
Execution of a SQL statement is one access - therefore
SELECT '{{random:V}}' FROM Personwill give the same random value for all Person.Several
SELECT ...{{random:V}}...will give several different random values.
Uniqueness is added via PHP function uniqid()
This just prepends 13 chars at the beginning of the random string.
uniqid() is only a very precise timestamp - timestamp means it becomes bigger and bigger and the first characters stays the same.
These first 13 chars should not be taken as random! They will make uniqness for
{{random:V}}more likely.
fillStoreVar (custom values)
The directive fillStoreVar fills STORE_VARS with custom values:
# The values can be retrieved via `{{name:V}}` and `{{email:V}}`
fillStoreVar = {{! SELECT p.name, p.email FROM Person AS p WHERE p.id={{pId:S}} }}
fillStoreVar can be used in Form.parameter and FormElement.parameter.
If fillStoreVar is defined in Form and/or multiple FormElements:
Already existing variables with different names will be merged.
Already existing variables with same names will be overwritten by the latest definition.
Tip
Specify STORE_VARS explicit to avoid naming collision. E.g. {{person:V}} references cleary the STORE_VAR,
instead {person}} uses the default FSRVD, where as STORE_VARS is late on position 4 and might be overwritten
by STORE_FORM, STORE_SIP and STORE_RECORD.
Store: LDAP - L
Sanitized: yes
See also LDAP
Name |
Explanation |
|---|---|
<custom defined> |
See ldapAttributes |
Store: SYSTEM - Y
Sanitized: no
All settings can be accessed via this store. See Configuration for a list of all settings.
Additional variables:
Name |
Explanation |
|---|---|
qfqProjectPath |
Absolute path to the qfq project directory. See qfq.project.path.php |
Store: USER - U
Sanitized: no
At start of a new browser session (=user calls the website the first time or was logged out before) the store is empty. As soon as a value is set in the store, it remains as long as the browser session is alive (=until user logs out).
Values can be set in report via SELECT 'value' AS '_<var name>:U'
See also: STORE_USER examples
Store: ACCESS - A
Sanitized: yes
Preparation for an upcoming QFQ release - Don’t use now!
Determine access privileges and store them in STORE_ACCESS. Logic / queries to fill the store will be defined later.
Works the same as the USER store, will be filled probably by evaluating queries from system config. This store is cleared when the user logs out or when the browser session ends.
Values can be set in report via SELECT 'value' AS '_<var name>:A'
Store: WEB - W
At the start of the browser session, this store is empty.
Values are retained for the duration of the browser session and do not expire unless the session ends or the qfq
cookie expires.
Unlike the ACCESS and USER store, this one is not cleared when the user logs out. As a result, values persist even after logout and will still be available if a different user logs in during the same session.