if I do a pagination:
@document_pages, @documents = paginate :documents, :per_page => 20,
:include => [:company], :conditions => "doc_type_id =
''#{@doc_type}''",
:order => "#{order_by}"
How could I sort by doc_type.title?
Thanks,
Ben Lisbakken
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
Ben Lisbakken wrote:> if I do a pagination: > @document_pages, @documents = paginate :documents, :per_page => 20, > :include => [:company], :conditions => "doc_type_id = ''#{@doc_type}''", > :order => "#{order_by}" > > How could I sort by doc_type.title?As you would with find :all, i.e. use an appropriate :joins clause Also by doing what you have done above you could be opening the door to sql injection attacks. Fred -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Dear Ben:
In case you need the clarification on the sql injection attacks Fred
alluded to, you might want to read
http://manuals.rubyonrails.com/read/chapter/43
I haven''t tried running this but I believe the suggestion is instead of
writing:
@document_pages, @documents = paginate :documents, :per_page => 20,
:include => [:company], :conditions => "doc_type_id =
''#{@doc_type}''",
:order => "#{order_by}"
I think the suggestion is for you to write something like:
@document_pages, @documents = paginate :documents,
:per_page => 20,
:include => [:company],
:conditions => ["doc_type_id = :doc_type_id", {:doc_type_id
=>@doc_type}],
:order => [":order_by_criteria", {:order_by_criteria =>
order_by}]
(I played around with this syntax with the find method, and will assume
that the pagination works similarly...)
Hope this helps!
Dominique
Frederick Cheung wrote:> Ben Lisbakken wrote:
>> if I do a pagination:
>> @document_pages, @documents = paginate :documents, :per_page => 20,
>> :include => [:company], :conditions => "doc_type_id =
''#{@doc_type}''",
>> :order => "#{order_by}"
>>
>> How could I sort by doc_type.title?
>
> As you would with find :all, i.e. use an appropriate :joins clause
> Also by doing what you have done above you could be opening the door to
> sql injection attacks.
>
> Fred
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
Hey thanks for the tips on sql injection! Didn''t realize that was happening! With the join, would I still use the :include? What would the syntax look like? Thanks again, Ben --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---