Params from form & condition in request

Hi, I have a form on a View and I have to construct a condition for a query depending on which fields the user filled in on the form. I should write something like:

cond
if params[par1]
  cond = " par1 = #{par1} "
if params[par2]
  cond += " AND par2 = #{par2} "

etc....

Client.all(:conditions => cond) .... ....

Maybe someone knows a more rational way to do it in RoR? Thanks in advance!

Stanislav Orlenko wrote:

Hi, I have a form on a View and I have to construct a condition for a query depending on which fields the user filled in on the form. I should write something like:

cond
if params[par1]
  cond = " par1 = #{par1} "
if params[par2]
  cond += " AND par2 = #{par2} "

NO! NEVER EVER DO THAT! You're leaving yourself wide open to SQL injection.

etc....

Client.all(:conditions => cond) .... ....

Maybe someone knows a more rational way to do it in RoR? Thanks in advance!

Well, conditions can take a hash, so how about

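conditions = {}
[:p1, :p2, :p3].each do |p|
  # A form field left empty is submitted as "", which is truthy in Ruby,
  # so test for blank rather than nil to skip fields the user did not fill in.
  unless params[p].blank?
    conditions[p] = params[p]
  end
end

# Hash conditions are quoted by ActiveRecord, not interpolated into the SQL.
Client.all :conditions => conditions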

Best,
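The same idea as the hash-conditions reply above, written as an added example (not code from either poster): a plain-Ruby builder that produces the placeholder array form of `:conditions` from an allowlist of fields. The helper name `build_conditions`, the `ALLOWED_FIELDS` list and the sample request are assumptions made for illustration; `params` is an ordinary Hash standing in for the controller's params.

```ruby
# Added example: plain Ruby, no Rails required. `params` is an ordinary Hash
# standing in for the controller's params; field names are constructed.

ALLOWED_FIELDS = %w[par1 par2 par3].freeze  # only these may become columns

# Returns [sql_fragment, *bind_values], the array form accepted by
# :conditions, or nil when no usable field was submitted.
def build_conditions(params, allowed = ALLOWED_FIELDS)
  clauses = []
  binds = []
  allowed.each do |field|
    value = params[field]
    # Rails can parse "par1[]=x" or "par1[k]=v" into an Array or Hash;
    # accept scalars only so a request cannot change the shape of the query.
    next unless value.is_a?(String) || value.is_a?(Numeric)
    # An untouched form input arrives as "", not nil: skip it.
    next if value.to_s.strip.empty?
    clauses << "#{field} = ?"   # field comes from the allowlist, never the request
    binds << value              # value travels separately from the SQL text
  end
  return nil if clauses.empty?
  [clauses.join(" AND "), *binds]
end

# Constructed sample request: one filled field (with a quote character in it),
# one blank field, one non-scalar value, and one key outside the allowlist.
SAMPLE_PARAMS = {
  "par1" => "O'Brien",
  "par2" => "",
  "par3" => { "nested" => "x" },
  "other" => "ignored"
}.freeze

if __FILE__ == $PROGRAM_NAME
  p build_conditions(SAMPLE_PARAMS)
  p build_conditions({})
end
```

The quote in `O'Brien` never reaches the SQL text: the fragment contains only `?` placeholders and the value is handed over separately for the adapter to quote. In a controller the result would be passed the same way the thread does, as `Client.all(:conditions => build_conditions(params))`.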