Archive for the ‘tips’ Category

Enabling RSS URLs Creates a Security Hole

March 10th, 2013 Comments off

(Since version 2.5.1)

RSS URLs do required you to login to access them by default. You can create RSS URLs to add to any RSS feed reader to show some of all of the contents of a form. But to make it work with a feed reader that doesn’t allow you to login, you have to make such URLs publicly accessible.

How to Generate an RSS URL

Go to the WordPress administration page,

  • Contact Form DB -> Short Code
  • Choose a form
  • Choose “Export File” = “RSS
  • Choose a form fields for the “Item Title” (title for each item in RSS list)

This will display a URL that you can use as an RSS feed. But by default you must log into WordPress for the URL to work. Some RSS readers will not be able to use this URL because they cannot login. The URL is secure

How to Turn off Security

This creates a security hole whereby a savvy person could see (but not change) all the saved form data in your databaseIf someone knows or can guess one of your form names, they can easily work out the RSS URL needed to show the form’s data.

If you want to make RSS URLs like this publicly accessible, then go to the WordPress administration page,

  • Contact Form DB -> Options,
  • set “AllowRSS URLs” = “true

This option makes all RSS URLs that you could possibly generate publicly accessible. All form data can be viewed, it is only a matter of creating the right URL.


Categories: export, tips, troubleshooting Tags:

Making Short Code Perform Faster

March 18th, 2012 1 comment

Forms that have many thousands of entries can be slow to return query results or may cause you PHP page to run out of memory. A quick addition to your short code can make the query run by the short code faster and require less memory. This addition is unbuffered=”true”.

Example: change [cfdb-table form="form1"] with
[cfdb-table form="form1" unbuffered="true"]

However: this cannot be used if you are nesting a short code inside another short code that is also doing a query. It doesn’t work if two queries are running at the same time. An example might be nesting a cfdb short code inside a [cfdb-html] short code.

Technical: This option makes use of the PHP mysql_unbuffered_query function instead of mysql_query.

Categories: shortcode, tips Tags:

Avoiding “_wpcf7″ Fields

February 10th, 2012 13 comments

For Contact Form 7 Users: a recent update of the Contact Form 7 plugin seems to have added several new meta fields to form submissions. These automatically get saved by the CFDB plugin. If you look on the Database page in your administration panel,  you will see extra fields associated with new submissions:


You may view these fields as unwanted clutter.

To avoid saving these fields, go to the Database Options page,  and paste the list of fields in the following:



Since regular expressions can now be used in this field, you can achieve the same effect but putting in this:



Categories: tips, troubleshooting Tags:

Nesting Short Codes

November 26th, 2011 Comments off

(As of version 2.2.4)

The [cfdb-html] short code now will allow you to nest short codes within it. This can be any tag you like, but there is a special case where you can nest a different tag from this plugin.


[cfdb-html form="My Form"]
Here is a table submitted at ${Submitted}
[cfdb-table form="My Form" filter="submit_time=${submit_time}"]

In this case we nest a [cfdb-table] inside the [cfdb-html]. The special thing that we do is give the submit_time from the outer [cfdb-html] to the inner [cfdb-table]. Remember that [cfdb-html] prints out its template for every entry found in the database and replaces ${field-name} type values with the field values for each entry. In this case, we effectively pass the submit_time (a form submission unique id) from each [cfdb-html] entry to a [cfdb-table] short code via filter=”submit_time=${submit_time}”. The [cfdb-table] short code will find just that one element each time.

This can be inefficient because [cfdb-html] does a query, then for each entry found,  [cfdb-table] does a query. A more efficient solution is to follow the technique in Create Your Own Short Code.

NOTE: because of a limitation of WordPress, you cannot nest a [cfdb-html] inside a [cfdb-html]


Categories: shortcode, tips Tags:

Computing Percent of a Subset of Form Data

November 6th, 2011 Comments off

This is an example of a user-defined short code that I helped someone create and I thought it would be a good one to share.

My new friend Gillian created a web site to track Polio survivors currently living in Australia ( Visitors to the site can register and provide information about themselves. Gillian is capturing these submissions into her database using this plugin. She then wanted to add some graphs showing statistics on the data.

Specifically, she wanted to compute some percentages. Example: of those people who contracted Polio in Australia, how many were contracted in New South Wales?

The first thought would be to use the cfdb-value short code with function=”percent”. But cfdb-value does not give her what she wants. The issue: The calculation needs to exclude those people who contracted Polio in a different country (Those people made form submission because they are now living in Australia).

So we turned to creating our own short code. In this short code we want to first select only the subset of form submissions that indicate a case of Polio contracted in Australia, then determine the percentage of those that were from a particular state (e.g. New South Wales).

But we can do better; we created a general “percentage-of” short code where we can select those entries that constitute the total for the denominator, then count those that match the sub-criterion for the numerator (state=New South Wales in this case).

The approach to getting the total (denominator) is to use plugin’s “filter” capability to select the relevant entries (In this case, Polio cases contracted in Australia). Then in the code of our user-created short code, we loop through those results and count those that meet our sub-criterion (state=New South Wales), compute and output the percentage.

The short code placed on the page looks like this:

[percent-of form="Polio Register" filter="Overseas=N" field="PolioStateTerr" matching="New South Wales"]

Here, we used the built-in  form and filter short code attributes to select the entries of interest for the denominator (those from the register that are not overseas i.e. Polio cases contracted in Australia). Then we add two new short code attributes that our user-created short code PHP will need to handle. These are field and matching for the numerator.

The PHP for the short code is the following. You may wish to use this code since it can be applied generally.

require_once(ABSPATH .
$exp = new CFDBFormIterator();
$exp->export($atts['form'], $atts);
$total = 0;
$count = 0;
while ($row = $exp->nextRow()) {
    $total = $total + 1;
    if ($row[$atts['field']] == $atts['matching']) {
        $count = $count + 1;
$percentNum = 100.0 * $count / $total;
$percentDisplay = round($percentNum) . '%';
echo $percentDisplay;

The key element is in lines 9-10 which resolves to checking if a form entry’s PolioStateTerr field’s value is equal to the value “New South Wales”. If so, we increment $count. At the end we compute the percentage using $count/$total.

Categories: shortcode, tips Tags:

New feature: filter on relative time

October 10th, 2011 Comments off

As of version 2.2, you can filter by relative time to capture things like “since last week”

[cfdb-table form="Contact form" filter="submit_time>last week"]

Read more

Categories: notice, shortcode, tips Tags: