Forum: Ruby on Rails Advanced Search In Ruby on Rails.

Khim S. (Guest)
on 2009-03-04 06:51
Attachment: form_search.gif (0 Bytes)
Hi all,
   I am working with Ruby on Rails, and now I am having a problem with an advanced
search using multiple checkboxes and multiple radio buttons. When I submitted,
it doesn't show the result. So I hope all of you will try and take the
time to do it for me. Regards, and thanks in advance!

       sincerely
             khim
Vincent B. (Guest)
on 2009-03-04 09:47
Could you paste in some of your code? What example are you using?

Khim Sreang wrote:
> Hi all,
>    I am working with Ruby on Rails, and now I am having a problem with an advanced
> search using multiple checkboxes and multiple radio buttons. When I submitted,
> it doesn't show the result. So I hope all of you will try and take the
> time to do it for me. Regards, and thanks in advance!
>
>        sincerely
>              khim
MaD (Guest)
on 2009-03-04 10:12
(Received via mailing list)
heavy interface you got there. still, without your code nobody will be
able to tell you where you went wrong.
khim sreang (Guest)
on 2009-03-06 05:30
(Received via mailing list)
=================advanced_search.rhtml=========================

<%= stylesheet_link_tag 'dynamicStyling' %>

<%

*if* params[*:page*]

page = params[*:page*]

*else
*

page = *1
*

*end
*

%>

<script type="text/javascript">

function changeBoxes(action) {

var f = document.frm_view_setup;

var elms = f.elementdown;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesProvince(action) {

var f = document.frm_view_setup;

var elms = f.elementprovince;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesTypejob(action) {

var f = document.frm_view_setup;

var elms = f.elementstype;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesequipment(action) {

var f = document.frm_view_setup;

var elms = f.elementsequipment;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesStatus(action) {

var f = document.frm_view_setup;

var elms = f.elementstatus;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesApproval(action) {

var f = document.frm_view_setup;

var elms = f.elementapproval;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesTeam(action) {

var f = document.frm_view_setup;

var elms = f.elementteam;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

function changeBoxesStaffName(action) {

var f = document.frm_view_setup;

var elms = f.elementstaffname;

for( var i = 0; i < elms.length; i++ ) {

if( elms[i].type != 'checkbox' ){ continue; }

if( action < 0 ){

elms[i].checked = elms[i].checked ? 0 : 1;

} else {

elms[i].checked = action;

}

}

}

</script>

<script type="text/javascript">

function get_check_value()

{

var c_value_pro = "";

for (var i=0; i < document.frm_view_setup.elementprovince.length; i++)

{

if (document.frm_view_setup.elementprovince[i].checked)

{

c_value_pro = c_value_pro +
document.frm_view_setup.elementprovince[i].value;

}

}

var c_value_type = "";

for (var i=0; i < document.frm_view_setup.elementstype.length; i++)

{

if (document.frm_view_setup.elementstype[i].checked)

{

c_value_type = c_value_type +
document.frm_view_setup.elementstype[i].value;

}

}

var c_value_equip = "";

for (var i=0; i < document.frm_view_setup.elementsequipment.length; i++)

{

if (document.frm_view_setup.elementsequipment[i].checked)

{

c_value_equip = c_value_equip +
document.frm_view_setup.elementsequipment[i].value;

}

}

var c_value_downtime = "";

for (var i=0; i < document.frm_view_setup.elementdown.length; i++)

{

if (document.frm_view_setup.elementdown[i].checked)

{

c_value_downtime = c_value_downtime +
document.frm_view_setup.elementdown[i].value;

}

}

var c_value_status = "";

for (var i=0; i < document.frm_view_setup.elementstatus.length; i++)

{

if (document.frm_view_setup.elementstatus[i].checked)

{

c_value_status = c_value_status +
document.frm_view_setup.elementstatus[i].value;

}

}

var c_value_approval = "";

for (var i=0; i < document.frm_view_setup.elementapproval.length; i++)

{

if (document.frm_view_setup.elementapproval[i].checked)

{

c_value_approval = c_value_approval +
document.frm_view_setup.elementapproval[i].value;

}

}

var c_value_team = "";

for (var i=0; i < document.frm_view_setup.elementteam.length; i++)

{

if (document.frm_view_setup.elementteam[i].checked)

{

c_value_team = c_value_team +
document.frm_view_setup.elementteam[i].value;

}

}

var c_value_staffname = "";

for (var i=0; i < document.frm_view_setup.elementstaffname.length; i++)

{

if (document.frm_view_setup.elementstaffname[i].checked)

{

c_value_staffname = c_value_staffname +
document.frm_view_setup.elementstaffname[i].value;

}

}

window.location =
"/jobview/view_detail_job_setup?province="+c_value_pro+
"&type_of_job="+c_value_type+"&equipment_part="+c_value_equip+"&sitedown="
+c_value_downtime+"&job_status="+c_value_status+"&job_status="
+c_value_approval+"&team_on_job="+c_value_team+"&RecorderName="
+c_value_staffname;

}

</script>

<div align="left" class="h_top_menu_bottom">

<div align="center">

<ul class="menu_bottom_left">

<li><a href="/jobview/view_job" class="h_top_job_view"><span></span><div
align="center">View</div></a></li>

<li><a onClick="approval_info()" class="h_top_modify"><span
align="center"></span><div
align="center">Modify</div></a></li>

<li><a onClick="show_history()" class="h_top_history"><span
align="center"></span><div
align="center">History</div></a></li>

<li><a onClick="transfer_info()" class="h_top_transfer"><span
align="center"></span><div
align="center">Transfer</div></a></li>

<li><a onClick="reject_info();" class="h_top_reject"><span
align="center"></span><div
align="center">Reject</div></a></li>

<li class="border_active"><a href="/jobview/view_job_setup"
class="h_top_view_job_setup
Setupviewjob_active"><span align="center"></span><div
align="center">View
Job Setup</div></a></li>

</ul>

</div>

<div class="caption_header">PSS JOB DESCRIPTION - MODIFY</div>

</div>

<div class="body_header_content">

<% *if* flash[*:notice*] %><div style="text-align:center;
color:#ffffff;"><%=
flash[*:notice*] %></div><div style="padding-bottom: 3px;"></div><%
*end* %>


<% form_for *:tblpss_description_record*, *@tblpss_description_record*,
*
:url*=>{ *:action*=>'view_detail_job_setup' }, *:html*=>{ *:id*=>
'frm_view_setup', *:name*=>'frm_view_setup', *:method* => *:get*} *do*
|f|%>


<div class="mar_table clearfix" align="left">

<div class="b_add_table_g_permission" align="left">

<div class="main_title">

<div class="f_left">

</div>

</div>

<body>

<div class="bgbordercontent">

<div class="top_content"></div>

<div class="center_content">

<div class="b_add_t_body_data clearfix">

<div>

<div class="caption_data_show">

<table width="1100px" border="0" cellpadding="0" cellspacing="0" style=
"color:#124bbf">

<tr>

<td>

<address class="time_field">

<span class="title_field1">TIME</span><br />

<input type="radio" name="TIME_VIEW" value="ALL" id="optALL">ALL<br />

<input type="radio" name="TIME_VIEW" value="TODAY"
id="optTODAY">TODAY<br />

<input type="radio" name="TIME_VIEW" value="ONE WEEK"
id="optONEWEEK">ONE
WEEK<br />

<input type="radio" name="TIME_VIEW" value="TWO WEEK"
id="optTWOWEEK">TWO
WEEK<br />

<input type="radio" name="TIME_VIEW" value="THIS MONTH"
id="optMONTH">THIS
MONTH<br />

<input type="radio" name="TIME_VIEW" value="TWO MONTH"
id="optTWOMONTH">TWO
MONTH<br />

<input type="radio" name="TIME_VIEW" value="THREE MONTH"
id="optTRHEEMONTH">THREE
MONTH<br />

<input type="radio" name="TIME_VIEW" value="SIX MONTH"
id="optSIXMONTH">SIX
MONTH<br />

</address>

</td>

<td>

<address class="province_field">

<span class="title_field">PROVINCE</span><br />

<u onclick="changeBoxesProvince(0)" style="cursor:
pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementprovince" value="ALL"
id="optPROVINCE"
onclick="changeBoxesProvince(1)">ALL<br>

<input type="checkbox" name="elementprovince" value="PHNOM PENH" id=
"optPROVINCE">PHNOM PENH<br>

<input type="checkbox" name="elementprovince" value="BANTEAY MEANCHEY"
id=
"optPROVINCE">BANTEAY MEANCHEY<br>

<input type="checkbox" name="elementprovince" value="BATTAMBANG" id=
"optPROVINCE">BATTAMBANG<br>

<input type="checkbox" name="elementprovince" value="KAMPONG CHAM" id=
"optPROVINCE">KAMPONG CHAM<br>

<input type="checkbox" name="elementprovince" value="KAMPONG CHHNANG"
id=
"optPROVINCE">KAMPONG CHHNANG<br>

<input type="checkbox" name="elementprovince" value="KAMPONG SPEU" id=
"optPROVINCE">KAMPONG SPEU<br>

<input type="checkbox" name="elementprovince" value="KAMPONG THOM" id=
"optPROVINCE">KAMPONG THOM<br>

<input type="checkbox" name="elementprovince" value="KAMPOT" id=
"optPROVINCE">KAMPOT<br>

<input type="checkbox" name="elementprovince" value="KANDAL" id=
"optPROVINCE">KANDAL<br>

<input type="checkbox" name="elementprovince" value="KEP VILLE" id=
"optPROVINCE">KEP VILLE<br>

<input type="checkbox" name="elementprovince" value="KOH KONG" id=
"optPROVINCE">KOH KONG<br>

<input type="checkbox" name="elementprovince" value="KRATIE" id=
"optPROVINCE">KRATIE<br>

<input type="checkbox" name="elementprovince" value="MONDOL KIRI" id=
"optPROVINCE">MONDOL KIRI<br>

<input type="checkbox" name="elementprovince" value="ODORMEANCHEY" id=
"optPROVINCE">ODORMEANCHEY<br>

<input type="checkbox" name="elementprovince" value="PAILIN" id=
"optPROVINCE">PAILIN<br>

<input type="checkbox" name="elementprovince" value="PREAH VIHEAR" id=
"optPROVINCE">PREAH VIHEAR<br>

<input type="checkbox" name="elementprovince" value="PREY VENG" id=
"optPROVINCE">PREY VENG<br>

<input type="checkbox" name="elementprovince" value="PURSAT" id=
"optPROVINCE">PURSAT<br>

<input type="checkbox" name="elementprovince" value="RATTANAKIRI" id=
"optPROVINCE">RATTANAKIRI<br>

<input type="checkbox" name="elementprovince" value="SIEM REAP" id=
"optPROVINCE">SIEM REAP<br>

<input type="checkbox" name="elementprovince" value="SIHANOUK VILLE" id=
"optPROVINCE">SIHANOUK VILLE<br>

<input type="checkbox" name="elementprovince" value="STUNG SRENG" id=
"optPROVINCE">STUNG SRENG<br>

<input type="checkbox" name="elementprovince" value="SVAY RIENG" id=
"optPROVINCE">SVAY RIENG<br>

<input type="checkbox" name="elementprovince" value="TAKEO"
id="optPROVINCE"
>TAKEO<br>

</address>

</td>

<td>

<address class="jobtype_field">

<span class="title_field">TYPE OF JOB</span><br />

<u onclick="changeBoxesTypejob(0)" style="cursor:
pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementstype" value="ALL" id="optJOBTYPE"
onclick="changeBoxesTypejob(1)">ALL<br>

<input type="checkbox" name="elementstype" value="PREVENTIVE" id=
"optJOBTYPE">PREVENTIVE<br>

<input type="checkbox" name="elementstype" value="CORRECTIVE" id=
"optJOBTYPE">CORRECTIVE<br>

<input type="checkbox" name="elementstype" value="INSTALLATION" id=
"optJOBTYPE">INSTALLATION<br>

<input type="checkbox" name="elementstype" value="OTHER"
id="optJOBTYPE">
OTHER<br>

</address>

</td>

<td>

<address class="equipment_field">

<span class="title_field">EQUIPMENT PART</span><br />

<u onclick="changeBoxesequipment(0)" style="cursor:
pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementsequipment" value="ALL" id=
"optEQUIPMENT" onclick="changeBoxesequipment(1)">ALL<br>

<input type="checkbox" name="elementsequipment" value="ELECTRICITY" id=
"optEQUIPMENT">ELECTRICITY<br>

<input type="checkbox" name="elementsequipment" value="GENERATOR" id=
"optEQUIPMENT">GENERATOR<br>

<input type="checkbox" name="elementsequipment" value="RECTIFIER" id=
"optEQUIPMENT">RECTIFIER<br>

<input type="checkbox" name="elementsequipment" value="BATTERY" id=
"optEQUIPMENT">BATTERY<br>

<input type="checkbox" name="elementsequipment" value="AIR CONDITION"
id=
"optEQUIPMENT">AIR CONDITION<br>

<input type="checkbox" name="elementsequipment" value="OTHER" id=
"optEQUIPMENT">OTHER<br>

</address>

</td>

<td>

<address class="downtime_field">

<span class="title_field">DOWNTIME</span><br />

<u onclick="changeBoxes(0)" style="cursor: pointer;">UNCHECK</u><br />

<input type="checkbox" name="elementdown" value="ALL" id="optDOWNTIME"
onclick="changeBoxes(1)">ALL<br>

<input type="checkbox" name="elementdown" value="YES"
id="optDOWNTIME">YES
<br>

<input type="checkbox" name="elementdown" value="NO"
id="optDOWNTIME">NO<br>

</address>

</td>

<td>

<address class="status_field">

<span class="title_field">STATUS</span><br />

<span><u onclick="changeBoxesStatus(0)" style="cursor:
pointer;">UNCHECK</u></span><br
/>

<input type="checkbox" name="elementstatus" value="ALL" id="optSTATUS"
onclick="changeBoxesStatus(1)">ALL<br>

<input type="checkbox" name="elementstatus" value="WORKING"
id="optSTATUS">
WORKING<br>

<input type="checkbox" name="elementstatus" value="PENDING"
id="optSTATUS">
PENDING<br>

<input type="checkbox" name="elementstatus" value="CLOSE"
id="optSTATUS">
CLOSE<br>

<input type="checkbox" name="elementstatus" value="REJECTED"
id="optSTATUS">
REJECTED<br>

</address>

</td>

<td>

<address class="approval_field">

<span class="title_field">APPROVAL</span><br />

<u onclick="changeBoxesApproval(0)" style="cursor:
pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementapproval" value="ALL"
id="optAPPROVAL"
onclick="changeBoxesApproval(1)">ALL<br>

<input type="checkbox" name="elementapproval" value="APPROVED" id=
"optAPPROVAL">APPROVED<br>

</address>

</td>

<td>

<address class="team_field">

<span class="title_field">TEAM</span><br />

<u onclick="changeBoxesTeam(0)" style="cursor: pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementteam" value="ALL" id="optTEAM"
onclick=
"changeBoxesTeam(1)">ALL<br>

<input type="checkbox" name="elementteam" value="TEAM 1"
id="optTEAM">TEAM 1
<br>

<input type="checkbox" name="elementteam" value="TEAM 2"
id="optTEAM">TEAM 2
<br>

<input type="checkbox" name="elementteam" value="TEAM 3"
id="optTEAM">TEAM 3
<br>

<input type="checkbox" name="elementteam" value="TEAM 4"
id="optTEAM">TEAM 4
<br>

<input type="checkbox" name="elementteam" value="OTHER"
id="optTEAM">OTHER
<br>

</address>

</td>

<td>

<address class="staffname_field">

<span class="title_field">STAFF NAME</span><br />

<u onclick="changeBoxesStaffName(0)" style="cursor:
pointer;">UNCHECK</u><br
/>

<input type="checkbox" name="elementstaffname" value="ALL" id="optSTAFF"
onclick="changeBoxesStaffName(1)">ALL<br>

<input type="checkbox" name="elementstaffname" value="CHANDARA" id=
"optSTAFF">CHANDARA<br>

<input type="checkbox" name="elementstaffname" value="CHAMNAN"
id="optSTAFF"
>CHAMNAN<br>

<input type="checkbox" name="elementstaffname" value="CHENG"
id="optSTAFF">
CHENG<br>

<input type="checkbox" name="elementstaffname" value="CHINVEY"
id="optSTAFF"
>CHINVEY<br>

<input type="checkbox" name="elementstaffname" value="CHHIM"
id="optSTAFF">
CHHIM<br>

<input type="checkbox" name="elementstaffname" value="DANO"
id="optSTAFF">
DANO<br>

<input type="checkbox" name="elementstaffname" value="DSOPHORN" id=
"optSTAFF">DSOPHORN<br>

<input type="checkbox" name="elementstaffname" value="KOSAL"
id="optSTAFF">
KOSAL<br>

<input type="checkbox" name="elementstaffname" value="KIMRIM"
id="optSTAFF">
KIMRIM<br>

<input type="checkbox" name="elementstaffname" value="HEAN"
id="optSTAFF">
HEAN<br>

<input type="checkbox" name="elementstaffname" value="MOASAM"
id="optSTAFF">
MOASAM<br>

<input type="checkbox" name="elementstaffname" value="NADA"
id="optSTAFF">
NADA<br>

<input type="checkbox" name="elementstaffname" value="RUMNEA"
id="optSTAFF">
RUMNEA<br>

<input type="checkbox" name="elementstaffname" value="SOMANIN"
id="optSTAFF"
>SOMANIN<br>

<input type="checkbox" name="elementstaffname" value="SOPHY"
id="optSTAFF">
SOPHY<br>

<input type="checkbox" name="elementstaffname" value="SOPHAL"
id="optSTAFF">
SOPHAL<br>

<input type="checkbox" name="elementstaffname" value="SOKHA"
id="optSTAFF">
SOKHA<br>

<input type="checkbox" name="elementstaffname" value="SARIN"
id="optSTAFF">
SARIN<br>

<input type="checkbox" name="elementstaffname" value="SOKOUL"
id="optSTAFF">
SOKOUL<br>

<input type="checkbox" name="elementstaffname" value="SAMNANG"
id="optSTAFF"
>SAMNANG<br>

<input type="checkbox" name="elementstaffname" value="PHEARIT"
id="optSTAFF"
>PHEARIT<br>

<input type="checkbox" name="elementstaffname" value="VENG"
id="optSTAFF">
VENG<br>

<input type="checkbox" name="elementstaffname" value="VANNAK"
id="optSTAFF">
VANNAK<br>

<input type="checkbox" name="elementstaffname" value="YOULEANG" id=
"optSTAFF">YOULEANG<br>

</address>

<% *end* %>

</td>

</tr>

</table>

</div>

<div class="c_both">

<div class="row_metertran">

</div>

</div>

</div>

<div class="b_add_t_body_right2 clearfix">

</div>

<div class="b_add_t_bodycontent_righttram clearfix">

<div class="c_both">

<div class="row_meter4">

 </div>

</div>

</div>

</div>

<div>

<div class="c_both">

<div class="row_back1">

<div class="t_button">

<a class="cmd_submit clearfix"

onClick="get_check_value();">

<div class="cmd_s_left"></div>

<div class="cmd_s_center"><span>SUBMIT</span></div>

<div class="cmd_s_right"></div>

</a>

<a class="cmd_submit clearfix"

onClick="javascript:{}">

<div class="cmd_s_left"></div>

<div class="cmd_s_center"><span>CANCEL</span></div>

<div class="cmd_s_cancel"></div>

</a>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>
================end==================

=============in advancedsearch Controller

*

def* advanced_search

$elementspro = params[*:elementprovince*]

$elementstype = params[*:elementstype*]

$elementsequipment = params[*:elementsequipment*]

$elementdown = params[*:elementdown*]

$elementstatus = params[*:elementstatus*]

$elementapproval = params[*:elementapproval*]

$elementteam = params[*:elementteam*]

$elementstaffname = params[*:elementstaffname*]

$frm_view_setup = params[*:frm_view_setup*]

*@tblpss_description_records* = TblpssDescriptionRecord.paginate *:page*
=>
params[*:page*], *:conditions*=>"province='" + $elementspro + "'" + "or
type_of_job='" + $elementstype + "'" +

"or equipment_part='" + $elementsequipment + "'" + "or sitedown='" +
$elementdown + "'" + "or job_status='" + $elementstatus + "'" +

"or job_status='" + $elementapproval + "'" + "or team_on_job='" +
$elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
*:order*=> 'jobNo
ASC', *:per_page* => $per_page

*end
*
Frederick C. (Guest)
on 2009-03-06 12:46
(Received via mailing list)
> <%= stylesheet_link_tag 'dynamicStyling' %>
>

You're going to have to trim this down a lot - people answer questions on
this list out of good will and for most people that doesn't include
reading 500+ lines of code. I will say this: global variables yuck, I
hope all those * symbols aren't actually in your code, and you are
opening yourself to SQL injection.
Reduce your problem to a short example (you still haven't said what it
is that isn't working) and you might get some help.

Fred
Michael G. (Guest)
on 2009-03-15 03:47
(Received via mailing list)
With code like this:

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]
  @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
    :conditions => "province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
      "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
      "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
      "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
    :order => 'jobNo ASC', :per_page => $per_page
end

you might as well post your database password in public.  This is
dangerous code.  It allows SQL injection.

It's pretty clear you come from a PHP world.  I suggest you read a few
books on Ruby programming, and google a bit for "rails sql injection."
 Your code is a security nightmare.
Florian Dutey (Guest)
on 2009-03-24 16:57
(Received via mailing list)
You should really read the basics about variable types in Ruby.
All your $... vars are globals. It's not threadsafe and really ugly.

You should really learn to give readable names to your vars

(ex: params[:elements][:province]).

Why

$elementspro = params[:elementprovince]
#...
:conditions => "province=" + $elementspro

instead of

:conditions => "province=" + params[:elementprovince]

??????. your code will be more readable and threadsafe

Why

:conditions => "province=" + $element

instead of

:conditions => ['province = :elementprovince', params]

????? your code will be more readable AND SAFE!!!

I agree with Michael, you clearly come from PHP. Ruby is not PHP.
First, there are threads, like in any other correct language, and it means
you have to deal with them.
Second, in Rails, every good practice is often (always?!) simpler to
use than bad practice. Every Rails tutorial uses good SQL practice, why
not you?

Even your html is ugly.

- Instead of millions of checkboxes, use multiple lists
- Don't write your javascript in your html page
- Don't use divs (or anything else) out of body
- Don't declare body anywhere else than in your layouts
- Don't use logic in view (page = params[:page]) => will_paginate
handle nil params[:page] for you
- Use cool syntax like: page = params[:page] || 1
- Don't use table, unless for tabular data presentation (table is a
table, not a visual tool)
- Don't use the style property in html, use css in separate css file(s)

NEVER USE GLOBAL VARS! It's really rare that you can justify using
them.
I think you're clearly not ready to use mvc and oop, go read manuals.
You just proved, another time, that most of php coders suck.
khim (Guest)
on 2009-04-01 07:21
(Received via mailing list)
On Mar 15, 8:46 am, Michael G. <removed_email_address@domain.invalid> wrote:
>   $elementstaffname = params[:elementstaffname]
>
> you might as well post your database password in public.  This is
> dangerous code.  It allows SQL injection.
>
> It's pretty clear you come from a PHP world.  I suggest you read a few
> books on Ruby programming, and google a bit for "rails sql injection."
>  Your code is a security nightmare.


==============================

Hi Mr. Michael G.

   Thanks a million for your advice. But I want to use Ruby on Rails
because I just use it on a LAN only. My advanced search is the same as
http://bitnami.org/advanced_search. They worked in Ruby on Rails too. I
tried my best to do it like that but I still fail. Now I will show you
a bit of my code in the controller:

def view_detail_job_setup
  if request.get?
    elementdowns = params[:elementdown]
    elementstatus = params[:elementstatus]
    @tblpss_description_records = []
    for elmdown in elementdowns
      case elmdown
      when "ALL"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :order => 'jobNo ASC', :per_page => $per_page
        break
      when "YES"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      when "NO"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      else
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='YES' and sitedown='NO'", :order => 'jobNo ASC', :per_page => $per_page
        break
      end
    end
  end
end


So can you give your advice to me more about it?


Thanks in advance
Florian Dutey (Guest)
on 2009-04-24 16:32
(Received via mailing list)
Please, please please

use readable names for your variables or class names

What does TblpssDescriptionRecord mean?

I tried to rewrite it to help you but it's really too ugly and really
doesn't mean anything.

STOP reassigning your params vars, use:

params[:elementdown].each do |element_down|
  ....
end if params[:elementdown]

and why do you repeat your find on each when?
why not?

conditions = case xxx
when ... then nil
when ... then ['sitedown = ?', element_down]
end

YourFuckingUnreadableModel.paginate(:conditions => conditions, :per_page => per_page, :page => page)

hu?

You should learn coding before ruby or rails.
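
An added example, not part of any post in this thread: the concatenated :conditions string from the posted controller beside a builder that returns the ['sql', binds] form the replies recommend. FILTER_COLUMNS, unsafe_conditions, safe_conditions and the sample parameters are hypothetical names and constructed data; the column names come from the posted query, and the code assumes the checkboxes are submitted as arrays (for example named elementprovince[]).

```ruby
# Added example (not code from the thread). Plain Ruby, no Rails needed to run it.

# Allow-list: form parameter => column, taken from the query posted in the thread.
# Column names reach the SQL text only from this constant, never from the request.
FILTER_COLUMNS = {
  "elementprovince"   => "province",
  "elementstype"      => "type_of_job",
  "elementsequipment" => "equipment_part",
  "elementdown"       => "sitedown",
  "elementstatus"     => "job_status",
  "elementapproval"   => "job_status",
  "elementteam"       => "team_on_job",
  "elementstaffname"  => "RecorderName"
}.freeze

# The pattern the replies warn about: request values become part of the SQL text.
def unsafe_conditions(params)
  "province='" + params["elementprovince"].to_s +
    "' or sitedown='" + params["elementdown"].to_s + "'"
end

# Hardened form: returns [sql, *binds] for :conditions, or nil for "no filter".
# Each bind is an Array; ActiveRecord expands an Array bound to "IN (?)"
# into a quoted, comma-separated list.
def safe_conditions(params)
  clauses = []
  binds = []
  FILTER_COLUMNS.each do |param, column|
    raw = params[param]
    values = raw.is_a?(Array) ? raw : [raw]
    # Keep only non-empty strings; nested hashes or nil are dropped.
    values = values.select { |v| v.is_a?(String) && !v.empty? }
    # The form's "ALL" checkbox means "do not filter on this column".
    next if values.empty? || values.include?("ALL")
    clauses << "#{column} IN (?)"
    binds << values
  end
  return nil if clauses.empty?
  # OR between groups mirrors the query posted in the thread.
  [clauses.join(" OR "), *binds]
end

# Constructed request parameters (not from the thread).
HOSTILE = { "elementprovince" => "x' or '1'='1", "elementdown" => "YES" }.freeze
CHECKED = {
  "elementprovince" => ["PHNOM PENH", "KANDAL"],
  "elementdown"     => "ALL",
  "elementstatus"   => ["WORKING"],
  "bogus_column"    => "1"
}.freeze

if __FILE__ == $PROGRAM_NAME
  # The quote in the value closes the literal and adds a clause of its own.
  puts unsafe_conditions(HOSTILE)
  # The SQL text is fixed; the same value is carried separately as data.
  p safe_conditions(HOSTILE)
  p safe_conditions(CHECKED)
  # In the controller this would be passed as:
  #   TblpssDescriptionRecord.paginate(:page => params[:page],
  #     :conditions => safe_conditions(params), :order => 'jobNo ASC', :per_page => per_page)
end
```
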