Hi all,

I am working with Ruby on Rails, and now I am having a problem with advanced search using multiple checkboxes and multiple radio buttons. When I submitted, it doesn't show the result, so I hope all of you will try and take the time to do it for me. Regards, and thanks in advance!

sincerely
khim

Attachments: http://www.ruby-forum.com/attachment/3385/form_search.gif

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Could you paste in some of your code? What example are you using?

Khim Sreang wrote:
> Hi all,
> I am working with Ruby on Rails, and now I am having a problem with advanced
> search using multiple checkboxes and multiple radio buttons. When I submitted,
> it doesn't show the result, so I hope all of you will try and take the
> time to do it for me. Regards, and thanks in advance!
>
> sincerely
> khim

Heavy interface you got there. Still, without your code nobody will be able to tell you where you went wrong.

=================advanced_search.rhtml======================== <%= stylesheet_link_tag ''dynamicStyling'' %> <% *if* params[*:page*] page = params[*:page*] *else * page = *1 * *end * %> <script type="text/javascript"> function changeBoxes(action) { var f = document.frm_view_setup; var elms = f.elementdown; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesProvince(action) { var f = document.frm_view_setup; var elms = f.elementprovince; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesTypejob(action) { var f = document.frm_view_setup; var elms = f.elementstype; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesequipment(action) { var f = document.frm_view_setup; var elms = f.elementsequipment; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesStatus(action) { var f = document.frm_view_setup; var elms = f.elementstatus; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesApproval(action) { var f = document.frm_view_setup; var elms = f.elementapproval; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 
0 : 1; } else { elms[i].checked = action; } } } function changeBoxesTeam(action) { var f = document.frm_view_setup; var elms = f.elementteam; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } function changeBoxesStaffName(action) { var f = document.frm_view_setup; var elms = f.elementstaffname; for( var i = 0; i < elms.length; i++ ) { if( elms[i].type != ''checkbox'' ){ continue; } if( action < 0 ){ elms[i].checked = elms[i].checked ? 0 : 1; } else { elms[i].checked = action; } } } </script> <script type="text/javascript"> function get_check_value() { var c_value_pro = ""; for (var i=0; i < document.frm_view_setup.elementprovince.length; i++) { if (document.frm_view_setup.elementprovince[i].checked) { c_value_pro = c_value_pro + document.frm_view_setup.elementprovince[i].value; } } var c_value_type = ""; for (var i=0; i < document.frm_view_setup.elementstype.length; i++) { if (document.frm_view_setup.elementstype[i].checked) { c_value_type = c_value_type + document.frm_view_setup.elementstype[i].value; } } var c_value_equip = ""; for (var i=0; i < document.frm_view_setup.elementsequipment.length; i++) { if (document.frm_view_setup.elementsequipment[i].checked) { c_value_equip = c_value_equip + document.frm_view_setup.elementsequipment[i].value; } } var c_value_downtime = ""; for (var i=0; i < document.frm_view_setup.elementdown.length; i++) { if (document.frm_view_setup.elementdown[i].checked) { c_value_downtime = c_value_downtime + document.frm_view_setup.elementdown[i].value; } } var c_value_status = ""; for (var i=0; i < document.frm_view_setup.elementstatus.length; i++) { if (document.frm_view_setup.elementstatus[i].checked) { c_value_status = c_value_status + document.frm_view_setup.elementstatus[i].value; } } var c_value_approval = ""; for (var i=0; i < document.frm_view_setup.elementapproval.length; i++) { if 
(document.frm_view_setup.elementapproval[i].checked) { c_value_approval = c_value_approval + document.frm_view_setup.elementapproval[i].value; } } var c_value_team = ""; for (var i=0; i < document.frm_view_setup.elementteam.length; i++) { if (document.frm_view_setup.elementteam[i].checked) { c_value_team = c_value_team + document.frm_view_setup.elementteam[i].value; } } var c_value_staffname = ""; for (var i=0; i < document.frm_view_setup.elementstaffname.length; i++) { if (document.frm_view_setup.elementstaffname[i].checked) { c_value_staffname = c_value_staffname + document.frm_view_setup.elementstaffname[i].value; } } window.location = "/jobview/view_detail_job_setup?province="+c_value_pro+ "&type_of_job="+c_value_type+"&equipment_part="+c_value_equip+"&sitedown=" +c_value_downtime+"&job_status="+c_value_status+"&job_status=" +c_value_approval+"&team_on_job="+c_value_team+"&RecorderName=" +c_value_staffname; } </script> <div align="left" class="h_top_menu_bottom"> <div align="center"> <ul class="menu_bottom_left"> <li><a href="/jobview/view_job" class="h_top_job_view"><span></span><div align="center">View</div></a></li> <li><a onClick="approval_info()" class="h_top_modify"><span align="center"></span><div align="center">Modify</div></a></li> <li><a onClick="show_history()" class="h_top_history"><span align="center"></span><div align="center">History</div></a></li> <li><a onClick="transfer_info()" class="h_top_transfer"><span align="center"></span><div align="center">Transfer</div></a></li> <li><a onClick="reject_info();" class="h_top_reject"><span align="center"></span><div align="center">Reject</div></a></li> <li class="border_active"><a href="/jobview/view_job_setup" class="h_top_view_job_setup Setupviewjob_active"><span align="center"></span><div align="center">View Job Setup</div></a></li> </ul> </div> <div class="caption_header">PSS JOB DESCRIPTION - MODIFY</div> </div> <div class="body_header_content"> <% *if* flash[*:notice*] %><div 
style="text-align:center; color:#ffffff;"><%flash[*:notice*] %></div><div style="padding-bottom: 3px;"></div><% *end* %> <% form_for *:tblpss_description_record*, *@tblpss_description_record*, * :url*=>{ *:action*=>''view_detail_job_setup'' }, *:html*=>{ *:id*=> ''frm_view_setup'', *:name*=>''frm_view_setup'', *:method* => *:get*} *do* |f|%> <div class="mar_table clearfix" align="left"> <div class="b_add_table_g_permission" align="left"> <div class="main_title"> <div class="f_left"> </div> </div> <body> <div class="bgbordercontent"> <div class="top_content"></div> <div class="center_content"> <div class="b_add_t_body_data clearfix"> <div> <div class="caption_data_show"> <table width="1100px" border="0" cellpadding="0" cellspacing="0" style"color:#124bbf"> <tr> <td> <address class="time_field"> <span class="title_field1">TIME</span><br /> <input type="radio" name="TIME_VIEW" value="ALL" id="optALL">ALL<br /> <input type="radio" name="TIME_VIEW" value="TODAY" id="optTODAY">TODAY<br /> <input type="radio" name="TIME_VIEW" value="ONE WEEK" id="optONEWEEK">ONE WEEK<br /> <input type="radio" name="TIME_VIEW" value="TWO WEEK" id="optTWOWEEK">TWO WEEK<br /> <input type="radio" name="TIME_VIEW" value="THIS MONTH" id="optMONTH">THIS MONTH<br /> <input type="radio" name="TIME_VIEW" value="TWO MONTH" id="optTWOMONTH">TWO MONTH<br /> <input type="radio" name="TIME_VIEW" value="THREE MONTH" id="optTRHEEMONTH">THREE MONTH<br /> <input type="radio" name="TIME_VIEW" value="SIX MONTH" id="optSIXMONTH">SIX MONTH<br /> </address> </td> <td> <address class="province_field"> <span class="title_field">PROVINCE</span><br /> <u onclick="changeBoxesProvince(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementprovince" value="ALL" id="optPROVINCE" onclick="changeBoxesProvince(1)">ALL<br> <input type="checkbox" name="elementprovince" value="PHNOM PENH" id"optPROVINCE">PHNOM PENH<br> <input type="checkbox" name="elementprovince" value="BANTEAY MEANCHEY" 
id"optPROVINCE">BANTEAY MEANCHEY<br> <input type="checkbox" name="elementprovince" value="BATTAMBANG" id"optPROVINCE">BATTAMBANG<br> <input type="checkbox" name="elementprovince" value="KAMPONG CHAM" id"optPROVINCE">KAMPONG CHAM<br> <input type="checkbox" name="elementprovince" value="KAMPONG CHHNANG" id"optPROVINCE">KAMPONG CHHNANG<br> <input type="checkbox" name="elementprovince" value="KAMPONG SPEU" id"optPROVINCE">KAMPONG SPEU<br> <input type="checkbox" name="elementprovince" value="KAMPONG THOM" id"optPROVINCE">KAMPONG THOM<br> <input type="checkbox" name="elementprovince" value="KAMPOT" id"optPROVINCE">KAMPOT<br> <input type="checkbox" name="elementprovince" value="KANDAL" id"optPROVINCE">KANDAL<br> <input type="checkbox" name="elementprovince" value="KEP VILLE" id"optPROVINCE">KEP VILLE<br> <input type="checkbox" name="elementprovince" value="KOH KONG" id"optPROVINCE">KOH KONG<br> <input type="checkbox" name="elementprovince" value="KRATIE" id"optPROVINCE">KRATIE<br> <input type="checkbox" name="elementprovince" value="MONDOL KIRI" id"optPROVINCE">MONDOL KIRI<br> <input type="checkbox" name="elementprovince" value="ODORMEANCHEY" id"optPROVINCE">ODORMEANCHEY<br> <input type="checkbox" name="elementprovince" value="PAILIN" id"optPROVINCE">PAILIN<br> <input type="checkbox" name="elementprovince" value="PREAH VIHEAR" id"optPROVINCE">PREAH VIHEAR<br> <input type="checkbox" name="elementprovince" value="PREY VENG" id"optPROVINCE">PREY VENG<br> <input type="checkbox" name="elementprovince" value="PURSAT" id"optPROVINCE">PURSAT<br> <input type="checkbox" name="elementprovince" value="RATTANAKIRI" id"optPROVINCE">RATTANAKIRI<br> <input type="checkbox" name="elementprovince" value="SIEM REAP" id"optPROVINCE">SIEM REAP<br> <input type="checkbox" name="elementprovince" value="SIHANOUK VILLE" id"optPROVINCE">SIHANOUK VILLE<br> <input type="checkbox" name="elementprovince" value="STUNG SRENG" id"optPROVINCE">STUNG SRENG<br> <input type="checkbox" name="elementprovince" 
value="SVAY RIENG" id"optPROVINCE">SVAY RIENG<br> <input type="checkbox" name="elementprovince" value="TAKEO" id="optPROVINCE">TAKEO<br></address> </td> <td> <address class="jobtype_field"> <span class="title_field">TYPE OF JOB</span><br /> <u onclick="changeBoxesTypejob(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementstype" value="ALL" id="optJOBTYPE" onclick="changeBoxesTypejob(1)">ALL<br> <input type="checkbox" name="elementstype" value="PREVENTIVE" id"optJOBTYPE">PREVENTIVE<br> <input type="checkbox" name="elementstype" value="CORRECTIVE" id"optJOBTYPE">CORRECTIVE<br> <input type="checkbox" name="elementstype" value="INSTALLATION" id"optJOBTYPE">INSTALLATION<br> <input type="checkbox" name="elementstype" value="OTHER" id="optJOBTYPE"> OTHER<br> </address> </td> <td> <address class="equipment_field"> <span class="title_field">EQUIPMENT PART</span><br /> <u onclick="changeBoxesequipment(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementsequipment" value="ALL" id"optEQUIPMENT" onclick="changeBoxesequipment(1)">ALL<br> <input type="checkbox" name="elementsequipment" value="ELECTRICITY" id"optEQUIPMENT">ELECTRICITY<br> <input type="checkbox" name="elementsequipment" value="GENERATOR" id"optEQUIPMENT">GENERATOR<br> <input type="checkbox" name="elementsequipment" value="RECTIFIER" id"optEQUIPMENT">RECTIFIER<br> <input type="checkbox" name="elementsequipment" value="BATTERY" id"optEQUIPMENT">BATTERY<br> <input type="checkbox" name="elementsequipment" value="AIR CONDITION" id"optEQUIPMENT">AIR CONDITION<br> <input type="checkbox" name="elementsequipment" value="OTHER" id"optEQUIPMENT">OTHER<br> </address> </td> <td> <address class="downtime_field"> <span class="title_field">DOWNTIME</span><br /> <u onclick="changeBoxes(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementdown" value="ALL" id="optDOWNTIME" onclick="changeBoxes(1)">ALL<br> <input type="checkbox" 
name="elementdown" value="YES" id="optDOWNTIME">YES <br> <input type="checkbox" name="elementdown" value="NO" id="optDOWNTIME">NO<br> </address> </td> <td> <address class="status_field"> <span class="title_field">STATUS</span><br /> <span><u onclick="changeBoxesStatus(0)" style="cursor: pointer;">UNCHECK</u></span><br /> <input type="checkbox" name="elementstatus" value="ALL" id="optSTATUS" onclick="changeBoxesStatus(1)">ALL<br> <input type="checkbox" name="elementstatus" value="WORKING" id="optSTATUS"> WORKING<br> <input type="checkbox" name="elementstatus" value="PENDING" id="optSTATUS"> PENDING<br> <input type="checkbox" name="elementstatus" value="CLOSE" id="optSTATUS"> CLOSE<br> <input type="checkbox" name="elementstatus" value="REJECTED" id="optSTATUS"> REJECTED<br> </address> </td> <td> <address class="approval_field"> <span class="title_field">APPROVAL</span><br /> <u onclick="changeBoxesApproval(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementapproval" value="ALL" id="optAPPROVAL" onclick="changeBoxesApproval(1)">ALL<br> <input type="checkbox" name="elementapproval" value="APPROVED" id"optAPPROVAL">APPROVED<br> </address> </td> <td> <address class="team_field"> <span class="title_field">TEAM</span><br /> <u onclick="changeBoxesTeam(0)" style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementteam" value="ALL" id="optTEAM" onclick"changeBoxesTeam(1)">ALL<br> <input type="checkbox" name="elementteam" value="TEAM 1" id="optTEAM">TEAM 1 <br> <input type="checkbox" name="elementteam" value="TEAM 2" id="optTEAM">TEAM 2 <br> <input type="checkbox" name="elementteam" value="TEAM 3" id="optTEAM">TEAM 3 <br> <input type="checkbox" name="elementteam" value="TEAM 4" id="optTEAM">TEAM 4 <br> <input type="checkbox" name="elementteam" value="OTHER" id="optTEAM">OTHER <br> </address> </td> <td> <address class="staffname_field"> <span class="title_field">STAFF NAME</span><br /> <u onclick="changeBoxesStaffName(0)" 
style="cursor: pointer;">UNCHECK</u><br /> <input type="checkbox" name="elementstaffname" value="ALL" id="optSTAFF" onclick="changeBoxesStaffName(1)">ALL<br> <input type="checkbox" name="elementstaffname" value="CHANDARA" id"optSTAFF">CHANDARA<br> <input type="checkbox" name="elementstaffname" value="CHAMNAN" id="optSTAFF">CHAMNAN<br><input type="checkbox" name="elementstaffname" value="CHENG" id="optSTAFF"> CHENG<br> <input type="checkbox" name="elementstaffname" value="CHINVEY" id="optSTAFF">CHINVEY<br><input type="checkbox" name="elementstaffname" value="CHHIM" id="optSTAFF"> CHHIM<br> <input type="checkbox" name="elementstaffname" value="DANO" id="optSTAFF"> DANO<br> <input type="checkbox" name="elementstaffname" value="DSOPHORN" id"optSTAFF">DSOPHORN<br> <input type="checkbox" name="elementstaffname" value="KOSAL" id="optSTAFF"> KOSAL<br> <input type="checkbox" name="elementstaffname" value="KIMRIM" id="optSTAFF"> KIMRIM<br> <input type="checkbox" name="elementstaffname" value="HEAN" id="optSTAFF"> HEAN<br> <input type="checkbox" name="elementstaffname" value="MOASAM" id="optSTAFF"> MOASAM<br> <input type="checkbox" name="elementstaffname" value="NADA" id="optSTAFF"> NADA<br> <input type="checkbox" name="elementstaffname" value="RUMNEA" id="optSTAFF"> RUMNEA<br> <input type="checkbox" name="elementstaffname" value="SOMANIN" id="optSTAFF">SOMANIN<br><input type="checkbox" name="elementstaffname" value="SOPHY" id="optSTAFF"> SOPHY<br> <input type="checkbox" name="elementstaffname" value="SOPHAL" id="optSTAFF"> SOPHAL<br> <input type="checkbox" name="elementstaffname" value="SOKHA" id="optSTAFF"> SOKHA<br> <input type="checkbox" name="elementstaffname" value="SARIN" id="optSTAFF"> SARIN<br> <input type="checkbox" name="elementstaffname" value="SOKOUL" id="optSTAFF"> SOKOUL<br> <input type="checkbox" name="elementstaffname" value="SAMNANG" id="optSTAFF">SAMNANG<br><input type="checkbox" name="elementstaffname" value="PHEARIT" id="optSTAFF">PHEARIT<br><input 
type="checkbox" name="elementstaffname" value="VENG" id="optSTAFF"> VENG<br> <input type="checkbox" name="elementstaffname" value="VANNAK" id="optSTAFF"> VANNAK<br> <input type="checkbox" name="elementstaffname" value="YOULEANG" id"optSTAFF">YOULEANG<br> </address> <% *end* %> </td> </tr> </table> </div> <div class="c_both"> <div class="row_metertran"> </div> </div> </div> <div class="b_add_t_body_right2 clearfix"> </div> <div class="b_add_t_bodycontent_righttram clearfix"> <div class="c_both"> <div class="row_meter4"> </div> </div> </div> </div> <div> <div class="c_both"> <div class="row_back1"> <div class="t_button"> <a class="cmd_submit clearfix" onClick="get_check_value();"> <div class="cmd_s_left"></div> <div class="cmd_s_center"><span>SUBMIT</span></div> <div class="cmd_s_right"></div> </a> <a class="cmd_submit clearfix" onClick="javascript:{}"> <div class="cmd_s_left"></div> <div class="cmd_s_center"><span>CANCEL</span></div> <div class="cmd_s_cancel"></div> </a> </div> </div> </div> </div> </div> </div> </div> </div>
================end=================

=============in advancedsearch Controller
*def* advanced_search
  $elementspro = params[*:elementprovince*]
  $elementstype = params[*:elementstype*]
  $elementsequipment = params[*:elementsequipment*]
  $elementdown = params[*:elementdown*]
  $elementstatus = params[*:elementstatus*]
  $elementapproval = params[*:elementapproval*]
  $elementteam = params[*:elementteam*]
  $elementstaffname = params[*:elementstaffname*]
  $frm_view_setup = params[*:frm_view_setup*]
  *@tblpss_description_records* = TblpssDescriptionRecord.paginate *:page* => params[*:page*],
    *:conditions*=>"province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
    "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
    "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
    "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
    *:order*=> 'jobNo ASC', *:per_page* => $per_page
*end*

> <%= stylesheet_link_tag 'dynamicStyling' %>
>

You're going to have to trim this down a lot - people answer questions on this list out of good will and for most people that doesn't include reading 500+ lines of code.
I will say this: global variables yuck, I hope all those * symbols aren't actually in your code, and you are opening yourself to SQL injection.

Reduce your problem to a short example (you still haven't said what it is that isn't working) and you might get some help.

Fred

With code like this:

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]
  @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
    :conditions=>"province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
    "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
    "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
    "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
    :order => 'jobNo ASC', :per_page => $per_page
end

you might as well post your database password in public. This is dangerous code. It allows SQL injection.

It's pretty clear you come from a PHP world. I suggest you read a few books on Ruby programming, and google a bit for "rails sql injection." Your code is a security nightmare.

You should really read basics about variable types in ruby. All your $... vars are globals. It's not threadsafe and really ugly.
You should really learn to give readable names to your vars (ex: params[:elements][:province]).

Why
  $elementspro = params[:elementprovince]
  #...
  :conditions => "province=" + $elementspro
instead of
  :conditions => "province=" + params[:elementprovince]
??????. Your code will be more readable and threadsafe.

Why
  :conditions => "province=" + $element
instead of
  :conditions => ['province = :elementprovince', params]
????? Your code will be more readable AND SAFE!!!

I agree with Michael, you clearly come from php. Ruby is not php. First, there are threads like in any other correct language and it means you have to deal with them. Second, in rails, every good practice is often (always?!) simpler to use than bad practice. Every rails tutorial uses good SQL practice, why not you?

Even your html is ugly.
- Instead of millions of checkboxes, use multiple lists
- Don't write your javascript in your html page
- Don't use divs (or anything else) out of body
- Don't declare body anywhere else than in your layouts
- Don't use logic in view (page = params[:page]) => will_paginate handles nil params[:page] for you
- Use cool syntax like: page = params[:page] || 1
- Don't use table, unless for tabular data presentation (table is a table, not a visual tool)
- Don't use style property in html, use css in separated css file(s)

NEVER USE GLOBAL VARS! It's really rare when you can justify using them.

I think you're clearly not ready to use mvc and oop, go read manuals. You just proved, another time, that most of php coders suck.

On 15 Mar, 02:46, Michael Graff <skan.gryp...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> With code like this:
>
> def advanced_search
> $elementspro = params[:elementprovince]
> $elementstype = params[:elementstype]
> $elementsequipment = params[:elementsequipment]
> $elementdown = params[:elementdown]
> $elementstatus = params[:elementstatus]
> $elementapproval = params[:elementapproval]
> $elementteam = params[:elementteam]
> $elementstaffname = params[:elementstaffname]
> $frm_view_setup = params[:frm_view_setup]
> @tblpss_description_records = TblpssDescriptionRecord.paginate :page
> => params[:page], :conditions=>"province='" + $elementspro + "'" + "or
> type_of_job='" + $elementstype + "'" +
> "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
> $elementdown + "'" + "or job_status='" + $elementstatus + "'" +
> "or job_status='" + $elementapproval + "'" + "or team_on_job='" +
> $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
> :order => 'jobNo ASC', :per_page => $per_page
> end
>
> you might as well post your database password in public. This is
> dangerous code. It allows SQL injection.
>
> It's pretty clear you come from a PHP world. I suggest you read a few
> books on Ruby programming, and google a bit for "rails sql injection."
> Your code is a security nightmare.

On Mar 15, 8:46 am, Michael Graff <skan.gryp...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> With code like this:
>
> def advanced_search
> $elementspro = params[:elementprovince]
> $elementstype = params[:elementstype]
> $elementsequipment = params[:elementsequipment]
> $elementdown = params[:elementdown]
> $elementstatus = params[:elementstatus]
> $elementapproval = params[:elementapproval]
> $elementteam = params[:elementteam]
> $elementstaffname = params[:elementstaffname]
> $frm_view_setup = params[:frm_view_setup]
> @tblpss_description_records = TblpssDescriptionRecord.paginate :page
> => params[:page], :conditions=>"province='" + $elementspro + "'" + "or
> type_of_job='" + $elementstype + "'" +
> "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
> $elementdown + "'" + "or job_status='" + $elementstatus + "'" +
> "or job_status='" + $elementapproval + "'" + "or team_on_job='" +
> $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
> :order => 'jobNo ASC', :per_page => $per_page
> end
>
> you might as well post your database password in public. This is
> dangerous code. It allows SQL injection.
>
> It's pretty clear you come from a PHP world. I suggest you read a few
> books on Ruby programming, and google a bit for "rails sql injection."
> Your code is a security nightmare.

=============================

Hi Mr. Michael Graff

Thanks a million for your advice, but I want to use Ruby on Rails because I just use it in LAN only. My advanced search is the same as http://bitnami.org/advanced_search. They worked in Ruby on Rails too. I try my best to do like that but I still get failures. Now I will show you a bit of my code in the controller:

def view_detail_job_setup
  if request.get?
    elementdowns = params[:elementdown]
    elementstatus = params[:elementstatus]
    @tblpss_description_records = []
    for elmdown in elementdowns
      case elmdown
      when "ALL"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :order => 'jobNo ASC', :per_page => $per_page
        break
      when "YES"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      when "NO"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      else
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions=>"sitedown='YES' and sitedown='NO'", :order => 'jobNo ASC', :per_page => $per_page
        break
      end
    end
  end
end

So can you give me more of your advice about it?

Thanks in advance

Please, please, please use readable names for your variables or class names. What does TblpssDescriptionRecord mean? I tried to rewrite it to help you but it's really too ugly and really doesn't mean anything.

STOP reassigning your params vars, use:

params[:elementdown].each do |element_down|
  ....
end if params[:elementdown]

And why do you repeat your find on each when? Why not:

conditions = case xxx
  when ... then nil
  when ... then ['sitedown = ?', element_down]
end
YourFuckingUnreadableModel.paginate(:conditions => conditions, :per_page => per_page, :page => page)

hu?

You should learn coding before ruby or rails.

On 1 Apr, 05:20, khim <khim.sre...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Mar 15, 8:46 am, Michael Graff <skan.gryp...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > With code like this:
>
> > def advanced_search
> > $elementspro = params[:elementprovince]
> > $elementstype = params[:elementstype]
> > $elementsequipment = params[:elementsequipment]
> > $elementdown = params[:elementdown]
> > $elementstatus = params[:elementstatus]
> > $elementapproval = params[:elementapproval]
> > $elementteam = params[:elementteam]
> > $elementstaffname = params[:elementstaffname]
> > $frm_view_setup = params[:frm_view_setup]
> > @tblpss_description_records = TblpssDescriptionRecord.paginate :page
> > => params[:page], :conditions=>"province='" + $elementspro + "'" + "or
> > type_of_job='" + $elementstype + "'" +
> > "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
> > $elementdown + "'" + "or job_status='" + $elementstatus + "'" +
> > "or job_status='" + $elementapproval + "'" + "or team_on_job='" +
> > $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
> > :order => 'jobNo ASC', :per_page => $per_page
> > end
>
> > you might as well post your database password in public. This is
> > dangerous code. It allows SQL injection.
>
> > It's pretty clear you come from a PHP world. I suggest you read a few
> > books on Ruby programming, and google a bit for "rails sql injection."
> > Your code is a security nightmare.
>
> =============================
>
> Hi Mr. Michael Graff
>
> Thanks a million for your advice, but I want to use Ruby on Rails
> because I just use it in LAN only. My advanced search is the same as
> http://bitnami.org/advanced_search. They worked in Ruby on Rails too. I
> try my best to do like that but I still get failures. Now I will show you
> a bit of my code in the controller:
>
> def view_detail_job_setup
> if request.get?
> elementdowns = params[:elementdown]
> elementstatus = params[:elementstatus]
> @tblpss_description_records = []
> for elmdown in elementdowns
> case elmdown
> when "ALL"
> @tblpss_description_records =
> TblpssDescriptionRecord.paginate :page => params[:page], :order =>
> 'jobNo ASC', :per_page => $per_page
> break
> when "YES"
> @tblpss_description_records =
> TblpssDescriptionRecord.paginate :page => params
> [:page], :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo
> ASC', :per_page => $per_page
> break
> when "NO"
> @tblpss_description_records =
> TblpssDescriptionRecord.paginate :page => params
> [:page], :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo
> ASC', :per_page => $per_page
> break
> else
> @tblpss_description_records =
> TblpssDescriptionRecord.paginate :page => params
> [:page], :conditions=>"sitedown='YES' and sitedown='NO'", :order =>
> 'jobNo ASC', :per_page => $per_page
> break
> end
> end
> end
> end
>
> So can you give me more of your advice about it?
>
> Thanks in advance

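One way to build the array form of :conditions that the replies above recommend (['sitedown = ?', element_down]) for all of the checkbox groups at once. This is an added example, not code from the thread: the field-to-column pairs are copied from the posted controller, while the method names, the AND default, the sample request and the assumption that checkbox groups arrive as arrays (inputs named like elementprovince[]) are hypothetical.

```ruby
# Added example, not code from the thread. FIELD_TO_COLUMN copies the
# form-field/column pairs from the posted controller; every method name,
# the AND default and SAMPLE_PARAMS are assumptions made for illustration.

FIELD_TO_COLUMN = {
  'elementprovince'   => 'province',
  'elementstype'      => 'type_of_job',
  'elementsequipment' => 'equipment_part',
  'elementdown'       => 'sitedown',
  'elementstatus'     => 'job_status',
  'elementapproval'   => 'job_status',
  'elementteam'       => 'team_on_job',
  'elementstaffname'  => 'RecorderName'
}.freeze

# The thread's pattern, kept only for contrast: the request value becomes
# part of the SQL text, so a quote inside the value changes the statement.
def concatenated_condition(column, value)
  "#{column}='" + value.to_s + "'"
end

# Collect the checked values per column. Only fields in the allowlist are
# read, so a request can never supply a column name. A group that contains
# "ALL" contributes no filter. Non-string input (nested hashes) is dropped.
def selected_values(params)
  by_column = Hash.new { |hash, column| hash[column] = [] }
  FIELD_TO_COLUMN.each do |field, column|
    values = Array(params[field]).grep(String).reject(&:empty?)
    next if values.empty? || values.include?('ALL')
    by_column[column].concat(values)
  end
  by_column.each_value(&:uniq!)
  by_column
end

# Returns nil when nothing is filtered, otherwise [sql, *binds] in the array
# form that :conditions accepts. The SQL text contains only allowlisted
# column names and "?" placeholders; ActiveRecord quotes every bind value
# and expands an Array bind inside IN (?).
def build_conditions(params, joiner = 'AND')
  raise ArgumentError, 'joiner must be AND or OR' unless %w[AND OR].include?(joiner)
  selected = selected_values(params)
  return nil if selected.empty?
  sql = selected.keys.map { |column| "#{column} IN (?)" }.join(" #{joiner} ")
  [sql, *selected.values]
end

# Assumed controller usage (paginate passes :conditions through to find):
#   TblpssDescriptionRecord.paginate :page => params[:page],
#     :conditions => build_conditions(params),
#     :order => 'jobNo ASC', :per_page => per_page

# Constructed sample request; the staff name with an apostrophe is made up
# to show that awkward values travel as binds, never as SQL text.
SAMPLE_PARAMS = {
  'elementprovince'  => ['KANDAL', 'KEP VILLE'],
  'elementdown'      => 'YES',
  'elementstatus'    => ['ALL'],
  'elementapproval'  => ['APPROVED'],
  'elementstaffname' => ["O'NEIL"],
  'order'            => 'ignored' # not in the allowlist, never read
}.freeze

if __FILE__ == $PROGRAM_NAME
  p build_conditions(SAMPLE_PARAMS)
  puts concatenated_condition('RecorderName', "O'NEIL")
end
```

Pass 'OR' as the second argument to keep the OR-between-groups behaviour of the posted query.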