First post/newbie post... bear with me. What I''m trying to achive (music site): A system containing tracks and moods with a HABTM relationship. I''ve got all that set up and functioning in the admin environment - i.e. admins can apply a variety of moods to a particular track via a series of checkboxes. Join table works just fine. I''m currently stuck on allowing site users to filter a list of moods via checkboxes to see only those tracks that are "tagged" with the selected mood or moods. In my hacking I''ve got it working for a single mood, but multiple moods.... nada. My def results needs some help. I''m lost in the woods. Any insight would be very appreciated. Code below: Don Here''s an excerpt of the error that might helpful. Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} MOODS_CONTROLLER.RB def results params[:moods].each do #@my_id=mood end mood = Mood.find(4) # hard coded for a single query. @tracks_by_mood = mood.tracks end LIST.RHTML <h1>Moods</h1> <p>Select a mood or moods below to see a list of track with those moods</p> <ul> <%= start_form_tag :action => ''results'', :id => @mood %> <% Mood.find(:all).each do |mood| %> <li><%= check_box_tag("moods[]",mood.id) %><b><%= mood.name %> - </ b><%= mood.description%></li> <% end %> <%= submit_tag ''Show Tracks'' %> <%= end_form_tag %> </ul> RESULTS.RHTML <h1>Results</h1> <table> <% for track_by_mood in @tracks_by_mood %> <tr> <td><b><%= track_by_mood.title %></b></td> <td> <% for mood in track_by_mood.moods %> <%= mood.name %>, <%end%> </td> </tr> <%end%> </table>
This is a great question. I''m trying to do something similar in a demo application I''m putting together that searches through apartment listings. I''m trying to accomplish the same as Don but in my case I''m looking to filter searches with multiple bedroom sizes ... IE: search for apartments that are studios, 1br, or 2br ... for the life of me I can''t figure out how to create the call to find_all with all of the selected checkboxes though. - J On 2/22/06, Don Cento <don@secondbridge.com> wrote:> First post/newbie post... bear with me. > > What I''m trying to achive (music site): > A system containing tracks and moods with a HABTM relationship. I''ve > got all that set up and functioning in the admin environment - i.e. > admins can apply a variety of moods to a particular track via a > series of checkboxes. Join table works just fine. > > I''m currently stuck on allowing site users to filter a list of moods > via checkboxes to see only those tracks that are "tagged" with the > selected mood or moods. In my hacking I''ve got it working for a > single mood, but multiple moods.... nada. > > My def results needs some help. I''m lost in the woods. Any insight > would be very appreciated. Code below: > > Don > > Here''s an excerpt of the error that might helpful. > > Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} > > MOODS_CONTROLLER.RB > def results > params[:moods].each do > #@my_id=mood > end > mood = Mood.find(4) # hard coded for a single query. > @tracks_by_mood = mood.tracks > end > > LIST.RHTML > <h1>Moods</h1> > <p>Select a mood or moods below to see a list of track with those > moods</p> > <ul> > <%= start_form_tag :action => ''results'', :id => @mood %> > <% Mood.find(:all).each do |mood| %> > <li><%= check_box_tag("moods[]",mood.id) %><b><%= mood.name %> - </ > b><%= mood.description%></li> > <% end %> > <%= submit_tag ''Show Tracks'' %> > <%= end_form_tag %> > </ul> > > RESULTS.RHTML > <h1>Results</h1> > <table> > <% for track_by_mood in @tracks_by_mood %> > <tr> > <td><b><%= track_by_mood.title %></b></td> > <td> > <% for mood in track_by_mood.moods %> > <%= mood.name %>, > <%end%> > </td> > </tr> > <%end%> > </table> > > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
I guess it''s a good thing that this always happens, but, of course as soon as I sent this email I had a "lightbulb" moment and figured it out. Don - This might work, try this: def results moodsearch = "" params[:moods].each { |eachmood| moodsearch=moodsearch+" OR mood=''"+eachmood+"''"} moodsearch = moodsearch.slice!(3, moodsearch.length) mood = Mood.find(:all, :conditions => moodsearch) @tracks_by_mood = mood.tracks end basically I figured we should build the search condition dynamically by looping through the checked values in the moods array. throw the string that''s built in there as the conditions, and search away. (The slice method is just there to get rid of the head "OR ".) I tried this in my own applicaction and it worked out perfectly. - Joel On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote:> This is a great question. I''m trying to do something similar in a > demo application I''m putting together that searches through apartment > listings. I''m trying to accomplish the same as Don but in my case I''m > looking to filter searches with multiple bedroom sizes ... IE: search > for apartments that are studios, 1br, or 2br ... > > for the life of me I can''t figure out how to create the call to > find_all with all of the selected checkboxes though. > > - J > > On 2/22/06, Don Cento <don@secondbridge.com> wrote: > > First post/newbie post... bear with me. > > > > What I''m trying to achive (music site): > > A system containing tracks and moods with a HABTM relationship. I''ve > > got all that set up and functioning in the admin environment - i.e. > > admins can apply a variety of moods to a particular track via a > > series of checkboxes. Join table works just fine. > > > > I''m currently stuck on allowing site users to filter a list of moods > > via checkboxes to see only those tracks that are "tagged" with the > > selected mood or moods. In my hacking I''ve got it working for a > > single mood, but multiple moods.... nada. > > > > My def results needs some help. I''m lost in the woods. Any insight > > would be very appreciated. Code below: > > > > Don > > > > Here''s an excerpt of the error that might helpful. > > > > Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} > > > > MOODS_CONTROLLER.RB > > def results > > params[:moods].each do > > #@my_id=mood > > end > > mood = Mood.find(4) # hard coded for a single query. > > @tracks_by_mood = mood.tracks > > end > > > > LIST.RHTML > > <h1>Moods</h1> > > <p>Select a mood or moods below to see a list of track with those > > moods</p> > > <ul> > > <%= start_form_tag :action => ''results'', :id => @mood %> > > <% Mood.find(:all).each do |mood| %> > > <li><%= check_box_tag("moods[]",mood.id) %><b><%= mood.name %> - </ > > b><%= mood.description%></li> > > <% end %> > > <%= submit_tag ''Show Tracks'' %> > > <%= end_form_tag %> > > </ul> > > > > RESULTS.RHTML > > <h1>Results</h1> > > <table> > > <% for track_by_mood in @tracks_by_mood %> > > <tr> > > <td><b><%= track_by_mood.title %></b></td> > > <td> > > <% for mood in track_by_mood.moods %> > > <%= mood.name %>, > > <%end%> > > </td> > > </tr> > > <%end%> > > </table> > > > > > > > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > > >
How about: moods = params[:moods].join(", ") Mood.find(:all, :conditions => "mood in (#{mood})") Totally untested, but I think it''ll work, and you should be able to adapt it. WAY prettier than looping/slicing :) Pat On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote:> I guess it''s a good thing that this always happens, but, of course as > soon as I sent this email I had a "lightbulb" moment and figured it > out. > > Don - This might work, try this: > > def results > moodsearch = "" > params[:moods].each { |eachmood| moodsearch=moodsearch+" OR > mood=''"+eachmood+"''"} > moodsearch = moodsearch.slice!(3, moodsearch.length) > mood = Mood.find(:all, :conditions => moodsearch) > @tracks_by_mood = mood.tracks > end > > basically I figured we should build the search condition dynamically > by looping through the checked values in the moods array. throw the > string that''s built in there as the conditions, and search away. (The > slice method is just there to get rid of the head "OR ".) > > I tried this in my own applicaction and it worked out perfectly. > > - Joel > > > On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: > > This is a great question. I''m trying to do something similar in a > > demo application I''m putting together that searches through apartment > > listings. I''m trying to accomplish the same as Don but in my case I''m > > looking to filter searches with multiple bedroom sizes ... IE: search > > for apartments that are studios, 1br, or 2br ... > > > > for the life of me I can''t figure out how to create the call to > > find_all with all of the selected checkboxes though. > > > > - J > > > > On 2/22/06, Don Cento <don@secondbridge.com> wrote: > > > First post/newbie post... bear with me. > > > > > > What I''m trying to achive (music site): > > > A system containing tracks and moods with a HABTM relationship. I''ve > > > got all that set up and functioning in the admin environment - i.e. > > > admins can apply a variety of moods to a particular track via a > > > series of checkboxes. Join table works just fine. > > > > > > I''m currently stuck on allowing site users to filter a list of moods > > > via checkboxes to see only those tracks that are "tagged" with the > > > selected mood or moods. In my hacking I''ve got it working for a > > > single mood, but multiple moods.... nada. > > > > > > My def results needs some help. I''m lost in the woods. Any insight > > > would be very appreciated. Code below: > > > > > > Don > > > > > > Here''s an excerpt of the error that might helpful. > > > > > > Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} > > > > > > MOODS_CONTROLLER.RB > > > def results > > > params[:moods].each do > > > #@my_id=mood > > > end > > > mood = Mood.find(4) # hard coded for a single query. > > > @tracks_by_mood = mood.tracks > > > end > > > > > > LIST.RHTML > > > <h1>Moods</h1> > > > <p>Select a mood or moods below to see a list of track with those > > > moods</p> > > > <ul> > > > <%= start_form_tag :action => ''results'', :id => @mood %> > > > <% Mood.find(:all).each do |mood| %> > > > <li><%= check_box_tag("moods[]",mood.id) %><b><%= mood.name %> - </ > > > b><%= mood.description%></li> > > > <% end %> > > > <%= submit_tag ''Show Tracks'' %> > > > <%= end_form_tag %> > > > </ul> > > > > > > RESULTS.RHTML > > > <h1>Results</h1> > > > <table> > > > <% for track_by_mood in @tracks_by_mood %> > > > <tr> > > > <td><b><%= track_by_mood.title %></b></td> > > > <td> > > > <% for mood in track_by_mood.moods %> > > > <%= mood.name %>, > > > <%end%> > > > </td> > > > </tr> > > > <%end%> > > > </table> > > > > > > > > > > > > _______________________________________________ > > > Rails mailing list > > > Rails@lists.rubyonrails.org > > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Yup - that works just as well and looks much more elegant than my solution. Thank you Pat! - Joel On 2/22/06, Pat Maddox <pergesu@gmail.com> wrote:> How about: > > moods = params[:moods].join(", ") > Mood.find(:all, :conditions => "mood in (#{mood})") > > Totally untested, but I think it''ll work, and you should be able to > adapt it. WAY prettier than looping/slicing :) > > Pat > > > On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: > > I guess it''s a good thing that this always happens, but, of course as > > soon as I sent this email I had a "lightbulb" moment and figured it > > out. > > > > Don - This might work, try this: > > > > def results > > moodsearch = "" > > params[:moods].each { |eachmood| moodsearch=moodsearch+" OR > > mood=''"+eachmood+"''"} > > moodsearch = moodsearch.slice!(3, moodsearch.length) > > mood = Mood.find(:all, :conditions => moodsearch) > > @tracks_by_mood = mood.tracks > > end > > > > basically I figured we should build the search condition dynamically > > by looping through the checked values in the moods array. throw the > > string that''s built in there as the conditions, and search away. (The > > slice method is just there to get rid of the head "OR ".) > > > > I tried this in my own applicaction and it worked out perfectly. > > > > - Joel > > > > > > On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: > > > This is a great question. I''m trying to do something similar in a > > > demo application I''m putting together that searches through apartment > > > listings. I''m trying to accomplish the same as Don but in my case I''m > > > looking to filter searches with multiple bedroom sizes ... IE: search > > > for apartments that are studios, 1br, or 2br ... > > > > > > for the life of me I can''t figure out how to create the call to > > > find_all with all of the selected checkboxes though. > > > > > > - J > > > > > > On 2/22/06, Don Cento <don@secondbridge.com> wrote: > > > > First post/newbie post... bear with me. > > > > > > > > What I''m trying to achive (music site): > > > > A system containing tracks and moods with a HABTM relationship. I''ve > > > > got all that set up and functioning in the admin environment - i.e. > > > > admins can apply a variety of moods to a particular track via a > > > > series of checkboxes. Join table works just fine. > > > > > > > > I''m currently stuck on allowing site users to filter a list of moods > > > > via checkboxes to see only those tracks that are "tagged" with the > > > > selected mood or moods. In my hacking I''ve got it working for a > > > > single mood, but multiple moods.... nada. > > > > > > > > My def results needs some help. I''m lost in the woods. Any insight > > > > would be very appreciated. Code below: > > > > > > > > Don > > > > > > > > Here''s an excerpt of the error that might helpful. > > > > > > > > Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} > > > > > > > > MOODS_CONTROLLER.RB > > > > def results > > > > params[:moods].each do > > > > #@my_id=mood > > > > end > > > > mood = Mood.find(4) # hard coded for a single query. > > > > @tracks_by_mood = mood.tracks > > > > end > > > > > > > > LIST.RHTML > > > > <h1>Moods</h1> > > > > <p>Select a mood or moods below to see a list of track with those > > > > moods</p> > > > > <ul> > > > > <%= start_form_tag :action => ''results'', :id => @mood %> > > > > <% Mood.find(:all).each do |mood| %> > > > > <li><%= check_box_tag("moods[]",mood.id) %><b><%= mood.name %> - </ > > > > b><%= mood.description%></li> > > > > <% end %> > > > > <%= submit_tag ''Show Tracks'' %> > > > > <%= end_form_tag %> > > > > </ul> > > > > > > > > RESULTS.RHTML > > > > <h1>Results</h1> > > > > <table> > > > > <% for track_by_mood in @tracks_by_mood %> > > > > <tr> > > > > <td><b><%= track_by_mood.title %></b></td> > > > > <td> > > > > <% for mood in track_by_mood.moods %> > > > > <%= mood.name %>, > > > > <%end%> > > > > </td> > > > > </tr> > > > > <%end%> > > > > </table> > > > > > > > > > > > > > > > > _______________________________________________ > > > > Rails mailing list > > > > Rails@lists.rubyonrails.org > > > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > > > > > > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Guys- Be careful with this. As it stands you are not escaping the params you are putting in the :conditions search. So you are leaving yourself open to sql injection attacks. If you use my ez_where plugin you can do this same search like this: @moods = Mood.ez_find(:all) { mood === params[:moods] } The === operator and this ez_find method will create this where clause: :conditions => ["mood IN (?)", params[:moods] ] where params[:moods] is an array of the check boxes. You can read more and get the download link to this plugin here: http://brainspl.at/articles/2006/01/30/i-have-been-busy There is a ton of other cool features that make multi param searches a lot cleaner in the plugin Cheers- -Ezra On Feb 22, 2006, at 3:05 PM, Joel Oliveira wrote:> Yup - that works just as well and looks much more elegant than my > solution. Thank you Pat! > > - Joel > > On 2/22/06, Pat Maddox <pergesu@gmail.com> wrote: >> How about: >> >> moods = params[:moods].join(", ") >> Mood.find(:all, :conditions => "mood in (#{mood})") >> >> Totally untested, but I think it''ll work, and you should be able to >> adapt it. WAY prettier than looping/slicing :) >> >> Pat >> >> >> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: >>> I guess it''s a good thing that this always happens, but, of >>> course as >>> soon as I sent this email I had a "lightbulb" moment and figured it >>> out. >>> >>> Don - This might work, try this: >>> >>> def results >>> moodsearch = "" >>> params[:moods].each { |eachmood| moodsearch=moodsearch+" OR >>> mood=''"+eachmood+"''"} >>> moodsearch = moodsearch.slice!(3, moodsearch.length) >>> mood = Mood.find(:all, :conditions => moodsearch) >>> @tracks_by_mood = mood.tracks >>> end >>> >>> basically I figured we should build the search condition dynamically >>> by looping through the checked values in the moods array. throw the >>> string that''s built in there as the conditions, and search away. >>> (The >>> slice method is just there to get rid of the head "OR ".) >>> >>> I tried this in my own applicaction and it worked out perfectly. >>> >>> - Joel >>> >>> >>> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: >>>> This is a great question. I''m trying to do something similar in a >>>> demo application I''m putting together that searches through >>>> apartment >>>> listings. I''m trying to accomplish the same as Don but in my >>>> case I''m >>>> looking to filter searches with multiple bedroom sizes ... IE: >>>> search >>>> for apartments that are studios, 1br, or 2br ... >>>> >>>> for the life of me I can''t figure out how to create the call to >>>> find_all with all of the selected checkboxes though. >>>> >>>> - J >>>> >>>> On 2/22/06, Don Cento <don@secondbridge.com> wrote: >>>>> First post/newbie post... bear with me. >>>>> >>>>> What I''m trying to achive (music site): >>>>> A system containing tracks and moods with a HABTM relationship. >>>>> I''ve >>>>> got all that set up and functioning in the admin environment - >>>>> i.e. >>>>> admins can apply a variety of moods to a particular track via a >>>>> series of checkboxes. Join table works just fine. >>>>> >>>>> I''m currently stuck on allowing site users to filter a list of >>>>> moods >>>>> via checkboxes to see only those tracks that are "tagged" with the >>>>> selected mood or moods. In my hacking I''ve got it working for a >>>>> single mood, but multiple moods.... nada. >>>>> >>>>> My def results needs some help. I''m lost in the woods. Any insight >>>>> would be very appreciated. Code below: >>>>> >>>>> Don >>>>> >>>>> Here''s an excerpt of the error that might helpful. >>>>> >>>>> Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} >>>>> >>>>> MOODS_CONTROLLER.RB >>>>> def results >>>>> params[:moods].each do >>>>> #@my_id=mood >>>>> end >>>>> mood = Mood.find(4) # hard coded for a single query. >>>>> @tracks_by_mood = mood.tracks >>>>> end >>>>> >>>>> LIST.RHTML >>>>> <h1>Moods</h1> >>>>> <p>Select a mood or moods below to see a list of track with those >>>>> moods</p> >>>>> <ul> >>>>> <%= start_form_tag :action => ''results'', :id => @mood %> >>>>> <% Mood.find(:all).each do |mood| %> >>>>> <li><%= check_box_tag("moods[]",mood.id) %><b><% >>>>> = mood.name %> - </ >>>>> b><%= mood.description%></li> >>>>> <% end %> >>>>> <%= submit_tag ''Show Tracks'' %> >>>>> <%= end_form_tag %> >>>>> </ul> >>>>> >>>>> RESULTS.RHTML >>>>> <h1>Results</h1> >>>>> <table> >>>>> <% for track_by_mood in @tracks_by_mood %> >>>>> <tr> >>>>> <td><b><%= track_by_mood.title %></b></td> >>>>> <td> >>>>> <% for mood in track_by_mood.moods %> >>>>> <%= mood.name %>, >>>>> <%end%> >>>>> </td> >>>>> </tr> >>>>> <%end%> >>>>> </table> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Rails mailing list >>>>> Rails@lists.rubyonrails.org >>>>> http://lists.rubyonrails.org/mailman/listinfo/rails >>>>> >>>> >>> _______________________________________________ >>> Rails mailing list >>> Rails@lists.rubyonrails.org >>> http://lists.rubyonrails.org/mailman/listinfo/rails >>> >> _______________________________________________ >> Rails mailing list >> Rails@lists.rubyonrails.org >> http://lists.rubyonrails.org/mailman/listinfo/rails >> > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Many hanks to Joel and Pat for their insight. My modifed version: MOODS_CONTROLLER.RB def results mood_id = params[:mood_id].join(", ") @moods = Mood.find(:all, :conditions => "id in (#{mood_id})") end RESULTS.RHTML <% for mood in @moods %> <b><%= mood.name %></b> <ul> <% mood.tracks.each do |track| %> <li><%= track.title %></li> <%end%> </ul> <hr> <%end%> Cheers! Don C.> Yup - that works just as well and looks much more elegant than my > solution. Thank you Pat! > > - Joel > > On 2/22/06, Pat Maddox <pergesu@gmail.com> wrote: >> How about: >> >> moods = params[:moods].join(", ") >> Mood.find(:all, :conditions => "mood in (#{mood})") >> >> Totally untested, but I think it''ll work, and you should be able to >> adapt it. WAY prettier than looping/slicing :) >> >> Pat >> >> >> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: >>> I guess it''s a good thing that this always happens, but, of >>> course as >>> soon as I sent this email I had a "lightbulb" moment and figured it >>> out. >>> >>> Don - This might work, try this: >>> >>> def results >>> moodsearch = "" >>> params[:moods].each { |eachmood| moodsearch=moodsearch+" OR >>> mood=''"+eachmood+"''"} >>> moodsearch = moodsearch.slice!(3, moodsearch.length) >>> mood = Mood.find(:all, :conditions => moodsearch) >>> @tracks_by_mood = mood.tracks >>> end >>> >>> basically I figured we should build the search condition dynamically >>> by looping through the checked values in the moods array. throw the >>> string that''s built in there as the conditions, and search away. >>> (The >>> slice method is just there to get rid of the head "OR ".) >>> >>> I tried this in my own applicaction and it worked out perfectly. >>> >>> - Joel >>> >>> >>> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: >>>> This is a great question. I''m trying to do something similar in a >>>> demo application I''m putting together that searches through >>>> apartment >>>> listings. I''m trying to accomplish the same as Don but in my >>>> case I''m >>>> looking to filter searches with multiple bedroom sizes ... IE: >>>> search >>>> for apartments that are studios, 1br, or 2br ... >>>> >>>> for the life of me I can''t figure out how to create the call to >>>> find_all with all of the selected checkboxes though. >>>> >>>> - J >>>> >>>> On 2/22/06, Don Cento <don@secondbridge.com> wrote: >>>>> First post/newbie post... bear with me. >>>>> >>>>> What I''m trying to achive (music site): >>>>> A system containing tracks and moods with a HABTM relationship. >>>>> I''ve >>>>> got all that set up and functioning in the admin environment - >>>>> i.e. >>>>> admins can apply a variety of moods to a particular track via a >>>>> series of checkboxes. Join table works just fine. >>>>> >>>>> I''m currently stuck on allowing site users to filter a list of >>>>> moods >>>>> via checkboxes to see only those tracks that are "tagged" with the >>>>> selected mood or moods. In my hacking I''ve got it working for a >>>>> single mood, but multiple moods.... nada. >>>>> >>>>> My def results needs some help. I''m lost in the woods. Any insight >>>>> would be very appreciated. Code below: >>>>> >>>>> Don >>>>> >>>>> Here''s an excerpt of the error that might helpful. >>>>> >>>>> Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} >>>>> >>>>> MOODS_CONTROLLER.RB >>>>> def results >>>>> params[:moods].each do >>>>> #@my_id=mood >>>>> end >>>>> mood = Mood.find(4) # hard coded for a single query. >>>>> @tracks_by_mood = mood.tracks >>>>> end >>>>> >>>>> LIST.RHTML >>>>> <h1>Moods</h1> >>>>> <p>Select a mood or moods below to see a list of track with those >>>>> moods</p> >>>>> <ul> >>>>> <%= start_form_tag :action => ''results'', :id => @mood %> >>>>> <% Mood.find(:all).each do |mood| %> >>>>> <li><%= check_box_tag("moods[]",mood.id) %><b><% >>>>> = mood.name %> - </ >>>>> b><%= mood.description%></li> >>>>> <% end %> >>>>> <%= submit_tag ''Show Tracks'' %> >>>>> <%= end_form_tag %> >>>>> </ul> >>>>> >>>>> RESULTS.RHTML >>>>> <h1>Results</h1> >>>>> <table> >>>>> <% for track_by_mood in @tracks_by_mood %> >>>>> <tr> >>>>> <td><b><%= track_by_mood.title %></b></td> >>>>> <td> >>>>> <% for mood in track_by_mood.moods %> >>>>> <%= mood.name %>, >>>>> <%end%> >>>>> </td> >>>>> </tr> >>>>> <%end%> >>>>> </table>
As Ezra pointed out, this leaves you vulnerable to SQL injection attacks. You need to use the [] and placeholders, not sure what the idiom is called :) mood_id = params[:mood_id].join(", ") @moods = Mood.find(:all, :conditions => ["id in (?)", mood_id]) I''ve never used his ezwhere plugin, but it might be worth looking into. Pat On 2/23/06, Don Cento <don@secondbridge.com> wrote:> Many hanks to Joel and Pat for their insight. My modifed version: > > MOODS_CONTROLLER.RB > > def results > mood_id = params[:mood_id].join(", ") > @moods = Mood.find(:all, :conditions => "id in (#{mood_id})") > end > > RESULTS.RHTML > > <% for mood in @moods %> > <b><%= mood.name %></b> > <ul> > <% mood.tracks.each do |track| %> > <li><%= track.title %></li> > <%end%> > </ul> > <hr> > <%end%> > > Cheers! > Don C. > > > Yup - that works just as well and looks much more elegant than my > > solution. Thank you Pat! > > > > - Joel > > > > On 2/22/06, Pat Maddox <pergesu@gmail.com> wrote: > >> How about: > >> > >> moods = params[:moods].join(", ") > >> Mood.find(:all, :conditions => "mood in (#{mood})") > >> > >> Totally untested, but I think it''ll work, and you should be able to > >> adapt it. WAY prettier than looping/slicing :) > >> > >> Pat > >> > >> > >> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: > >>> I guess it''s a good thing that this always happens, but, of > >>> course as > >>> soon as I sent this email I had a "lightbulb" moment and figured it > >>> out. > >>> > >>> Don - This might work, try this: > >>> > >>> def results > >>> moodsearch = "" > >>> params[:moods].each { |eachmood| moodsearch=moodsearch+" OR > >>> mood=''"+eachmood+"''"} > >>> moodsearch = moodsearch.slice!(3, moodsearch.length) > >>> mood = Mood.find(:all, :conditions => moodsearch) > >>> @tracks_by_mood = mood.tracks > >>> end > >>> > >>> basically I figured we should build the search condition dynamically > >>> by looping through the checked values in the moods array. throw the > >>> string that''s built in there as the conditions, and search away. > >>> (The > >>> slice method is just there to get rid of the head "OR ".) > >>> > >>> I tried this in my own applicaction and it worked out perfectly. > >>> > >>> - Joel > >>> > >>> > >>> On 2/22/06, Joel Oliveira <joel.oliveira@gmail.com> wrote: > >>>> This is a great question. I''m trying to do something similar in a > >>>> demo application I''m putting together that searches through > >>>> apartment > >>>> listings. I''m trying to accomplish the same as Don but in my > >>>> case I''m > >>>> looking to filter searches with multiple bedroom sizes ... IE: > >>>> search > >>>> for apartments that are studios, 1br, or 2br ... > >>>> > >>>> for the life of me I can''t figure out how to create the call to > >>>> find_all with all of the selected checkboxes though. > >>>> > >>>> - J > >>>> > >>>> On 2/22/06, Don Cento <don@secondbridge.com> wrote: > >>>>> First post/newbie post... bear with me. > >>>>> > >>>>> What I''m trying to achive (music site): > >>>>> A system containing tracks and moods with a HABTM relationship. > >>>>> I''ve > >>>>> got all that set up and functioning in the admin environment - > >>>>> i.e. > >>>>> admins can apply a variety of moods to a particular track via a > >>>>> series of checkboxes. Join table works just fine. > >>>>> > >>>>> I''m currently stuck on allowing site users to filter a list of > >>>>> moods > >>>>> via checkboxes to see only those tracks that are "tagged" with the > >>>>> selected mood or moods. In my hacking I''ve got it working for a > >>>>> single mood, but multiple moods.... nada. > >>>>> > >>>>> My def results needs some help. I''m lost in the woods. Any insight > >>>>> would be very appreciated. Code below: > >>>>> > >>>>> Don > >>>>> > >>>>> Here''s an excerpt of the error that might helpful. > >>>>> > >>>>> Parameters: {"commit"=>"Show Tracks", "moods"=>["1", "2"]} > >>>>> > >>>>> MOODS_CONTROLLER.RB > >>>>> def results > >>>>> params[:moods].each do > >>>>> #@my_id=mood > >>>>> end > >>>>> mood = Mood.find(4) # hard coded for a single query. > >>>>> @tracks_by_mood = mood.tracks > >>>>> end > >>>>> > >>>>> LIST.RHTML > >>>>> <h1>Moods</h1> > >>>>> <p>Select a mood or moods below to see a list of track with those > >>>>> moods</p> > >>>>> <ul> > >>>>> <%= start_form_tag :action => ''results'', :id => @mood %> > >>>>> <% Mood.find(:all).each do |mood| %> > >>>>> <li><%= check_box_tag("moods[]",mood.id) %><b><% > >>>>> = mood.name %> - </ > >>>>> b><%= mood.description%></li> > >>>>> <% end %> > >>>>> <%= submit_tag ''Show Tracks'' %> > >>>>> <%= end_form_tag %> > >>>>> </ul> > >>>>> > >>>>> RESULTS.RHTML > >>>>> <h1>Results</h1> > >>>>> <table> > >>>>> <% for track_by_mood in @tracks_by_mood %> > >>>>> <tr> > >>>>> <td><b><%= track_by_mood.title %></b></td> > >>>>> <td> > >>>>> <% for mood in track_by_mood.moods %> > >>>>> <%= mood.name %>, > >>>>> <%end%> > >>>>> </td> > >>>>> </tr> > >>>>> <%end%> > >>>>> </table> > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Good catch, guys - thanks. Although the named placeholder method seems to be "breaking" - I''m only getting one result no matter how many moods are checked. I''ve tried several named placeholder methods and even a find_by_sql to no avail. Any suggestions? I''m not even sure where to self-sufficiently look for this type of answer.... re: the plugin. Looks promising, but I''d like to get these basics more firmly in grasp before I delve into the world of plugins. :) Thanks, don c> Date: Thu, 23 Feb 2006 13:12:25 -0700 > From: "Pat Maddox" <pergesu@gmail.com> > > As Ezra pointed out, this leaves you vulnerable to SQL injection > attacks. You need to use the [] and placeholders, not sure what the > idiom is called :) > > mood_id = params[:mood_id].join(", ") > @moods = Mood.find(:all, :conditions => ["id in (?)", mood_id]) > > I''ve never used his ezwhere plugin, but it might be worth looking > into. > > Pat > > On 2/23/06, Don Cento <don@secondbridge.com> wrote: >> Many hanks to Joel and Pat for their insight. My modifed version: >> >> MOODS_CONTROLLER.RB >> >> def results >> mood_id = params[:mood_id].join(", ") >> @moods = Mood.find(:all, :conditions => "id in (#{mood_id})") >> end >> >> RESULTS.RHTML >> >> <% for mood in @moods %> >> <b><%= mood.name %></b> >> <ul> >> <% mood.tracks.each do |track| %> >> <li><%= track.title %></li> >> <%end%> >> </ul> >> <hr> >> <%end%> >> >> Cheers! >> Don C.