Advanced Search In Ruby on Rails.

Hi all,
   I am doing with ruby on rail, now i am having a problem with advanced
search by using multiple checkboxs and multiple radio.when i submited,
it doesn't show the result.so i hope all of you will be try and take the
time to do it for me by regard, thank in advance!

       sincerely
             khim

Attachments:
http://www.ruby-forum.com/attachment/3385/form_search.gif

heavy interface you got there. still, without your code nobody will be
able to tell you where you went wrong.

=================advanced_search.rhtml=========================

<%= stylesheet_link_tag

‘dynamicStyling’ %>
<%

if params[:page]
page = params[

:page]

else
page =

1

end
%>

function changeBoxes(action) { var f = document.frm_view_setup; var elms = f.elementdown; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesProvince(action) { var f = document.frm_view_setup; var elms = f.elementprovince; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesTypejob(action) { var f = document.frm_view_setup; var elms = f.elementstype; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesequipment(action) { var f = document.frm_view_setup; var elms = f.elementsequipment; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesStatus(action) { var f = document.frm_view_setup; var elms = f.elementstatus; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesApproval(action) { var f = document.frm_view_setup; var elms = f.elementapproval; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesTeam(action) { var f = document.frm_view_setup; var elms = f.elementteam; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesStaffName(action) { var f = document.frm_view_setup; var elms = f.elementstaffname; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != 'checkbox' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function get_check_value() { var c_value_pro = ""; for (var i=0; i < document.frm_view_setup.elementprovince.length; i++) { if (document.frm_view_setup.elementprovince[i].checked) { c_value_pro = c_value_pro + document.frm_view_setup.elementprovince[i].value; } } var c_value_type = ""; for (var i=0; i < document.frm_view_setup.elementstype.length; i++) { if (document.frm_view_setup.elementstype[i].checked) { c_value_type = c_value_type + document.frm_view_setup.elementstype[i].value; } } var c_value_equip = ""; for (var i=0; i < document.frm_view_setup.elementsequipment.length; i++) { if (document.frm_view_setup.elementsequipment[i].checked) { c_value_equip = c_value_equip + document.frm_view_setup.elementsequipment[i].value; } } var c_value_downtime = ""; for (var i=0; i < document.frm_view_setup.elementdown.length; i++) { if (document.frm_view_setup.elementdown[i].checked) { c_value_downtime = c_value_downtime + document.frm_view_setup.elementdown[i].value; } } var c_value_status = ""; for (var i=0; i < document.frm_view_setup.elementstatus.length; i++) { if (document.frm_view_setup.elementstatus[i].checked) { c_value_status = c_value_status + document.frm_view_setup.elementstatus[i].value; } } var c_value_approval = ""; for (var i=0; i < document.frm_view_setup.elementapproval.length; i++) { if (document.frm_view_setup.elementapproval[i].checked) { c_value_approval = c_value_approval + document.frm_view_setup.elementapproval[i].value; } } var c_value_team = ""; for (var i=0; i < document.frm_view_setup.elementteam.length; i++) { if (document.frm_view_setup.elementteam[i].checked) { c_value_team = c_value_team + document.frm_view_setup.elementteam[i].value; } } var c_value_staffname = ""; for (var i=0; i < document.frm_view_setup.elementstaffname.length; i++) { if (document.frm_view_setup.elementstaffname[i].checked) { c_value_staffname = c_value_staffname + document.frm_view_setup.elementstaffname[i].value; } } window.location = "/jobview/view_detail_job_setup?province="+c_value_pro+"&type_of_job="+c_value_type+"&equipment_part="+c_value_equip+"&sitedown="+c_value_downtime+"&job_status="+c_value_status+"&job_status="+c_value_approval+"&team_on_job="+c_value_team+"&RecorderName="+c_value_staffname; }
PSS JOB DESCRIPTION - MODIFY
<%

if flash[:notice] %>

<%= flash[:notice] %>
<% end %>
<% form_for

:tblpss_description_record, @tblpss_description_record, :url=>{ :action=>‘view_detail_job_setup’ }, :html=>{ :id=>‘frm_view_setup’, :name=>‘frm_view_setup’, :method => :get} do |f|%>

TIME

ALL

TODAY

ONE WEEK

TWO WEEK

THIS MONTH

TWO MONTH

THREE MONTH

SIX MONTH

PROVINCE

UNCHECK

ALL

PHNOM PENH

BANTEAY MEANCHEY

BATTAMBANG

KAMPONG CHAM

KAMPONG CHHNANG

KAMPONG SPEU

KAMPONG THOM

KAMPOT

KANDAL

KEP VILLE

KOH KONG

KRATIE

MONDOL KIRI

ODORMEANCHEY

PAILIN

PREAH VIHEAR

PREY VENG

PURSAT

RATTANAKIRI

SIEM REAP

SIHANOUK VILLE

STUNG SRENG

SVAY RIENG

TAKEO

TYPE OF JOB

UNCHECK

ALL

PREVENTIVE

CORRECTIVE

INSTALLATION

OTHER

EQUIPMENT PART

UNCHECK

ALL

ELECTRICITY

GENERATOR

RECTIFIER

BATTERY

AIR CONDITION

OTHER

DOWNTIME

UNCHECK

ALL

YES

NO

STATUS

UNCHECK

ALL

WORKING

PENDING

CLOSE

REJECTED

APPROVAL

UNCHECK

ALL

APPROVED

TEAM

UNCHECK

ALL

TEAM 1

TEAM 2

TEAM 3

TEAM 4

OTHER

STAFF NAME

UNCHECK

ALL

CHANDARA

CHAMNAN

CHENG

CHINVEY

CHHIM

DANO

DSOPHORN

KOSAL

KIMRIM

HEAN

MOASAM

NADA

RUMNEA

SOMANIN

SOPHY

SOPHAL

SOKHA

SARIN

SOKOUL

SAMNANG

PHEARIT

VENG

VANNAK

YOULEANG

<%

end %>

<a class=“cmd_submit clearfix”

onClick=“get_check_value();”>

SUBMIT

<a class=“cmd_submit clearfix”

onClick=“javascript:{}”>

CANCEL
================end==================

=============in advancedsearch Controller

def

<%= stylesheet_link_tag 'dynamicStyling' %>

You're going have to trim this down a lot - people answer questions on
this list out of good will and for most people that doesn't include
reading 500+ lines of code. I will say this: global variables yuck, I
hope all those * symbols aren't actually in your code and you are
opening yourself to sql injection
Reduce your problem to a short example (you still haven't said what it
is that isn't working) and you might get some help

Fred

With code like this:

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]
  @tblpss_description_records = TblpssDescriptionRecord.paginate :page
=> params[:page], :conditions=>"province='" + $elementspro + "'" + "or
type_of_job='" + $elementstype + "'" +
"or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
$elementdown + "'" + "or job_status='" + $elementstatus + "'" +
"or job_status='" + $elementapproval + "'" + "or team_on_job='" +
$elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
:order => 'jobNo ASC', :per_page => $per_page
end

you might as well post your database password in public. This is
dangerous code. It allows SQL injection.

It's pretty clear you come from a PHP world. I suggest you read a few
books on Ruby programming, and google a bit for "rails sql injection."
Your code is a security nightmare.

You should really read basics about variable types in ruby.
All your $... vars are globals. It's not threadsafe and really hugly.

You should really learn to give readable names to your vars

(ex: params[:elements][:province]).

Why

$elementspro = params[:elementprovince]
#...
:conditions => "province=" + $elementspro

instead of

:conditions => "province=" + params[:elementprovince]

???. your code will be more readable and threadsafe

Why

:conditions => "province=" + $element

instead of

:conditions => ['province = :elementprovince', params]

??? your code will be more readable AND SAFE!!!

I agree with Michael, you clearly come from php. Ruby is not php.
First, there's threads like in any other correct language and it means
you have to handle with.
Second, in rails, every good practice is often (always?!) simpler to
use than bad practice. Every rails tutorial use good SQL practice, why
not you?

Even your html is ugly.

- Instead of millions of checkboxes, use multiple lists
- Don't write your javascript in your html page
- Don't use divs (or anything else) out of body
- Don't declare body anywhere else than in your layouts
- Don't use logic in view (page = params[:page]) => will_paginate
handle nil params[:page] for you
- Use cool syntax like: page = params[:page] || 1
- Don't use table, unless for tabular data presentation (table is a
table, not a visual tool)
- Don't use style propertie in html, use css in separated css file(s)

NEVER USE GLOBAL VARS! it's really rare when you can justify of their
using.
I think you're clearly not ready to use mvc and oop, go read manuals.
You just proved, another time, that most of php coders suck.

With code like this:

def advanced_search
$elementspro = params[:elementprovince]
$elementstype = params[:elementstype]
$elementsequipment = params[:elementsequipment]
$elementdown = params[:elementdown]
$elementstatus = params[:elementstatus]
$elementapproval = params[:elementapproval]
$elementteam = params[:elementteam]
$elementstaffname = params[:elementstaffname]
$frm_view_setup = params[:frm_view_setup]
@tblpss_description_records = TblpssDescriptionRecord.paginate :page
=> params[:page], :conditions=>"province='" + $elementspro + "'" + "or
type_of_job='" + $elementstype + "'" +
"or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
$elementdown + "'" + "or job_status='" + $elementstatus + "'" +
"or job_status='" + $elementapproval + "'" + "or team_on_job='" +
$elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
:order => 'jobNo ASC', :per_page => $per_page
end

you might as well post your database password in public. This is
dangerous code. It allows SQL injection.

It's pretty clear you come from a PHP world. I suggest you read a few
books on Ruby programming, and google a bit for "rails sql injection."
Your code is a security nightmare.

Please, please please

use readable names for your variables or class names

what does mean TblpssDescriptionRecord?

I tried to rewrite it to help you but it's really too ugly and really
doesn't mean nothing.

STOP reassign your params vars, use:

params[:elementdown].each do |element_down|
  ....
end if params[:elementdown]

and why do you repeat your find on each when?
why not?

conditions = case xxx
when ... then nil
when ... then ['sitedown = ?', element_down]
end

YourFuckingUnreadableModel.paginate(:conditions =>
conditions, :per_page => per_page, :page => page)

hu?

You should learn coding before ruby or rails.