This documentation applies to version 2.6 and later
Summary of Shortcode Options
||Required. Designates the form to display. All rows and columns are displayed by default|
||Make short code only display output for user’s with minimum-required role. Choices are
WARNING: this setting is overridden by plugin setting in WP Admin page Contact -> Database Options -> Can See Submission when using shortcodes
||Limits columns to be shown to be those designated (comma-delimited list)|
||Does not show listed columns (comma-delimited list)|
||One number: limit=”10″ means show first 10 rows. Is the same as limit=”0,10″
Two Numbers: limit=”100,10″ means show 10 rows starting at row #100)
||Display 2 random rows from those that the short code finds. (Since 2.4)|
||Sort rows by designated columns. Use “column-name desc” to sort in descending (reverse) order|
||Select rows to display that have any cell with the search text in it (case insensitive). Intended to mimic behavior of the “Search” field in the DataTable|
||Select which rows to display based on filter expression. More powerful than “search”, it can filter on multiple columns with boolean and regular expressions. If both “search” and “filter” are specified, “search” is ignored.|
|Options specific to this shortcode|
||Set the encoding/format of the export file. Options are:
If not specified, CSVUTF8 is assumed.
||By default an HTML anchor tag is output to make a clickable link. setting urlonly=”true” makes the shortcode only output the URL text|
||By default an HTML anchor tag that is output is labeled “Export”. Use this option to change the text of that link.|
[cfdb-export-link form="your-form"] with optional
filter just like
The purpose of this tag is to output an HTML link which, when clicked, will download a file in a CSV or related format. This is the same as the export options available in the Database page in the WP admin area.
WARNING: When clicking your link, you will get a “Permission Denied” error unless the user has permission to see data according to the “Can See Submission data” option (see Database Options page). When a user has this access, he can then hand-craft URLs to download any and all data from any form in your database. Setting this option to “Anyone” opens up a security hole where any savvy user can construct URLs to see all the submitted form data you have. So use this option with care.
Some people wish to have only those results downloaded that are associated with a specific user. That can be accomplished. See the page on filter variable substitution using $user_login. But note that although the short code link only shows that user’s data, a savvy user can change the link to see other data. The security options in the plugin’s Options panel allow one to set what level of user can see data (Administration, Editor, etc.) but this is a all-or-nothing proposition. Users that can see data can see all the data. And hacking the URL output by this short code is an easy way to see data that was not intended by a shortcode.