Advanced Search In Ruby on Rails.

Hi all, I am working with Ruby on Rails, and now I am having a problem with an advanced search using multiple checkboxes and multiple radios. When I submit, it doesn't show the result. So I hope all of you will try and take the time to do it for me. Regards, thanks in advance!

Sincerely, khim

Attachments: http://www.ruby-forum.com/attachment/3385/form_search.gif

Heavy interface you got there. Still, without your code nobody will be able to tell you where you went wrong.

=================advanced_search.rhtml=========================

<%= stylesheet_link_tag 'dynamicStyling' %>
<% if params[:page]
     page = params[:page]
   else
     page = 1
   end %>

PSS JOB DESCRIPTION - MODIFY
<% if flash[:notice] %>
<%= flash[:notice] %>
<% end %>
<% form_for :tblpss_description_record, @tblpss_description_record, :url=>{ :action=>'view_detail_job_setup' }, :html=>{ :id=>'frm_view_setup', :name=>'frm_view_setup', :method => :get} do |f| %>

TIME: ALL, TODAY, ONE WEEK, TWO WEEK, THIS MONTH, TWO MONTH, THREE MONTH, SIX MONTH

PROVINCE: UNCHECK, ALL, PHNOM PENH, BANTEAY MEANCHEY, BATTAMBANG, KAMPONG CHAM, KAMPONG CHHNANG, KAMPONG SPEU, KAMPONG THOM, KAMPOT, KANDAL, KEP VILLE, KOH KONG, KRATIE, MONDOL KIRI, ODORMEANCHEY, PAILIN, PREAH VIHEAR, PREY VENG, PURSAT, RATTANAKIRI, SIEM REAP, SIHANOUK VILLE, STUNG SRENG, SVAY RIENG, TAKEO

TYPE OF JOB: UNCHECK, ALL, PREVENTIVE, CORRECTIVE, INSTALLATION, OTHER

EQUIPMENT PART: UNCHECK, ALL, ELECTRICITY, GENERATOR, RECTIFIER, BATTERY, AIR CONDITION, OTHER

DOWNTIME: UNCHECK, ALL, YES, NO

STATUS: UNCHECK, ALL, WORKING, PENDING, CLOSE, REJECTED

APPROVAL: UNCHECK, ALL, APPROVED

TEAM: UNCHECK, ALL, TEAM 1, TEAM 2, TEAM 3, TEAM 4, OTHER

STAFF NAME: UNCHECK, ALL, CHANDARA, CHAMNAN, CHENG, CHINVEY, CHHIM, DANO, DSOPHORN, KOSAL, KIMRIM, HEAN, MOASAM, NADA, RUMNEA, SOMANIN, SOPHY, SOPHAL, SOKHA, SARIN, SOKOUL, SAMNANG, PHEARIT, VENG, VANNAK, YOULEANG

<% end %>

<a class="cmd_submit clearfix" onClick="get_check_value();">SUBMIT</a>
<a class="cmd_submit clearfix" onClick="javascript:{}">CANCEL</a>
================end==================

=============in advancedsearch Controller

def

<%= stylesheet_link_tag 'dynamicStyling' %>

You're going to have to trim this down a lot - people answer questions on this list out of good will and for most people that doesn't include reading 500+ lines of code. I will say this: global variables yuck, I hope all those * symbols aren't actually in your code and you are opening yourself to sql injection. Reduce your problem to a short example (you still haven't said what it is that isn't working) and you might get some help.

Fred

With code like this:

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]
  @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
    :conditions => "province='" + $elementspro + "'" +
      "or type_of_job='" + $elementstype + "'" +
      "or equipment_part='" + $elementsequipment + "'" +
      "or sitedown='" + $elementdown + "'" +
      "or job_status='" + $elementstatus + "'" +
      "or job_status='" + $elementapproval + "'" +
      "or team_on_job='" + $elementteam + "'" +
      "or RecorderName='" + $elementstaffname + "'",
    :order => 'jobNo ASC',
    :per_page => $per_page
end

you might as well post your database password in public. This is dangerous code. It allows SQL injection.

It's pretty clear you come from a PHP world. I suggest you read a few books on Ruby programming, and google a bit for "rails sql injection." Your code is a security nightmare.

You should really read the basics about variable types in ruby. All your $... vars are globals. It's not threadsafe and really ugly.

You should really learn to give readable names to your vars (ex: params[:elements][:province]).

Why

$elementspro = params[:elementprovince]
#...
:conditions => "province=" + $elementspro

instead of

:conditions => "province=" + params[:elementprovince]

???. your code will be more readable and threadsafe

Why

:conditions => "province=" + $element

instead of

:conditions => ['province = :elementprovince', params]

??? your code will be more readable AND SAFE!!!

I agree with Michael, you clearly come from PHP. Ruby is not PHP. First, there are threads like in any other correct language, and it means you have to deal with them. Second, in Rails, every good practice is often (always?!) simpler to use than bad practice. Every Rails tutorial uses good SQL practice, why not you?

Even your html is ugly.

- Instead of millions of checkboxes, use multiple lists
- Don't write your javascript in your html page
- Don't use divs (or anything else) out of body
- Don't declare body anywhere else than in your layouts
- Don't use logic in view (page = params[:page]) => will_paginate handles nil params[:page] for you
- Use cool syntax like: page = params[:page] || 1
- Don't use table, unless for tabular data presentation (table is a table, not a visual tool)
- Don't use the style property in html, use css in separate css file(s)

NEVER USE GLOBAL VARS! It's really rare that you can justify using them. I think you're clearly not ready to use MVC and OOP, go read manuals. You just proved, once again, that most PHP coders suck.


Please, please please

use readable names for your variables or class names

What does TblpssDescriptionRecord mean?

I tried to rewrite it to help you but it's really too ugly and really doesn't mean anything.

STOP reassigning your params vars, use:

params[:elementdown].each do |element_down|
  ....
end if params[:elementdown]

and why do you repeat your find on each when? why not?

conditions = case xxx
             when ... then nil
             when ... then ['sitedown = ?', element_down]
             end

YourFuckingUnreadableModel.paginate(:conditions => conditions, :per_page => per_page, :page => page)

hu?

You should learn coding before ruby or rails.
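
An added example, not part of any post in this thread: one way to build the `:conditions` array the replies recommend from the multi-checkbox params, next to the concatenated form from the original controller. The field and column names come from the quoted controller; the `SEARCHABLE` table, the `search_conditions` helper and the sample request are assumptions made for illustration, and the columns are joined with OR as in the original code.

```ruby
# Allowlist of form field => column. Field and column names are taken from the
# controller quoted in the thread; the mapping table itself is an assumption.
SEARCHABLE = {
  'elementprovince'   => 'province',
  'elementstype'      => 'type_of_job',
  'elementsequipment' => 'equipment_part',
  'elementdown'       => 'sitedown',
  'elementstatus'     => 'job_status',
  'elementapproval'   => 'job_status',
  'elementteam'       => 'team_on_job',
  'elementstaffname'  => 'RecorderName'
}.freeze

# Hypothetical helper: returns nil when nothing is ticked, otherwise a
# Rails-style conditions array ["col IN (?) OR ...", [values], ...].
# Submitted values only ever appear as bind values, never in the SQL text.
def search_conditions(params)
  clauses = []
  binds = []
  SEARCHABLE.each do |field, column|
    values = Array(params[field]).map(&:to_s).reject(&:empty?)
    next if values.empty?
    clauses << "#{column} IN (?)"   # column comes from the allowlist only
    binds << values                 # one checkbox group => one array bind
  end
  clauses.empty? ? nil : [clauses.join(' OR '), *binds]
end

# The thread's concatenation, reduced to one column, kept for comparison.
def concatenated_condition(params)
  "RecorderName='" + params['elementstaffname'].to_s + "'"
end

# Constructed sample request: two provinces ticked, one staff name that
# contains an apostrophe, and a field that is not on the allowlist.
SAMPLE = {
  'elementprovince'  => %w[KAMPOT KANDAL],
  'elementstaffname' => "O'NEIL",
  'not_a_column'     => 'ignored'
}.freeze

if __FILE__ == $PROGRAM_NAME
  p search_conditions(SAMPLE)
  puts concatenated_condition(SAMPLE)  # the quote lands inside the SQL text
end
```

In the controller the result would be passed as `:conditions => search_conditions(params)` to the same `paginate` call; a nil result means no filter was selected.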