Best way to sort categories w/ pager


#1

Ahoy,

I made this pager,

" def list
@item_pages = Paginator.new self, Item.count, 10, @params[‘page’]
@items = Item.find :all, :conditions => “category_id =
#{params[:condition]}”,
:limit => @item_pages.items_per_page,
:offset => @item_pages.current.offset
@categories = Category.find_all
end"

And have this code to switch categories

"

<% @categories.each do |category| %> <% end %>
<%= link_to 'all', :action => 'list' %><%= link_to category.name, :action => 'list', :condition => category.id %><%= link_to 'New category', :controller => 'categories', :action => 'new' %>
"

It works when any of the looped categories are selected because they
pass their ID to the condition of the pager, now, how do I let the “ALL”
link work? Do I need multiple pagers?

Sorry, still on 2nd day rails.


#2

check this out http://www.ruby-forum.com/topic/50290#17201

Would like to know what ppl think of this. Is it good rails practice?


#3

Jeff Gordon wrote:

check this out http://www.ruby-forum.com/topic/50290#17201

Would like to know what ppl think of this. Is it good rails practice?

Thanks for pointing that out, learned a few more things. could someone
w/ experience chime in here?


#4

Will Jessup wrote:

Ahoy,

I made this pager,

" def list
@item_pages = Paginator.new self, Item.count, 10, @params[‘page’]
@items = Item.find :all, :conditions => “category_id =
#{params[:condition]}”,
:limit => @item_pages.items_per_page,
:offset => @item_pages.current.offset
@categories = Category.find_all
end"

And have this code to switch categories

"

<% @categories.each do |category| %> <% end %>
<%= link_to 'all', :action => 'list' %><%= link_to category.name, :action => 'list', :condition => category.id %><%= link_to 'New category', :controller => 'categories', :action => 'new' %>
"

It works when any of the looped categories are selected because they
pass their ID to the condition of the pager, now, how do I let the “ALL”
link work? Do I need multiple pagers?

Sorry, still on 2nd day rails.

Can I ask why you’re not using the standard paginate method?

@item_pages, @items = paginate :items, :conditions => “category_id =
#{params[:condition]}”

Would do pretty much the same as what you’re describing here, wouldn’t
it?

You can optionally choose not to send the :conditions parameter if you
want to show all the records.

O.


#5

because i didn’t see the :conditions in the documentation for that
method at the time. (>_<). How do I optionally choose not to send the
parameter?


#6

Yea, one thing at a time. Still looking how to optionally not send that
parameter.


#7

Not a seasoned expert or anything here, but wouldn’t this be vulnerable
to a SQL injecton attack?

From what I’ve come to understand, it’s better to say this as

@item_pages, @items = paginate :items, :conditions => [“category_id =
?”, params[:category_id]]

And incidentally, the paginate should take pretty much any parameters
you’d want to use with a find, including :order, which is for sorting
the results.

http://api.rubyonrails.com/classes/ActiveRecord/Base.html#M000860

Jeff C.man wrote:

Can I ask why you’re not using the standard paginate method?

@item_pages, @items = paginate :items, :conditions => “category_id =
#{params[:condition]}”

Would do pretty much the same as what you’re describing here, wouldn’t
it?

You can optionally choose not to send the :conditions parameter if you
want to show all the records.


#8

Jeff C.man wrote:

Will Jessup wrote:

Yea, one thing at a time. Still looking how to optionally not send that
parameter.

One simple way:

if params[:category] && params[:category] == “all”
@item_pages, @items = paginate: items
else
@item_pages, @items = paginate :items, :conditions => “category_id =
#{params[:category]}”
end

You’d need to amend your view so that one of the table headings includes
the category parameter “all”:

<%= link_to 'all', :action => 'list', :category => 'all' %>

I’d recommend using the parameter name “category” instead of
“condition”, since it’s more descriptive–you’re sending the name of a
category, so params[:category] would describe that perfectly.

Jeff C.man

And yes, the previous poster was exactly right about SQL
injection–definitely use the form of the statement he recommended.

@item_pages, @items = paginate :items, :conditions => [“category_id =
?”, params[:category_id]]

Jeff


#9

Will Jessup wrote:

Yea, one thing at a time. Still looking how to optionally not send that
parameter.

One simple way:

if params[:category] && params[:category] == “all”
@item_pages, @items = paginate: items
else
@item_pages, @items = paginate :items, :conditions => “category_id =
#{params[:category]}”
end

You’d need to amend your view so that one of the table headings includes
the category parameter “all”:

<%= link_to 'all', :action => 'list', :category => 'all' %>

I’d recommend using the parameter name “category” instead of
“condition”, since it’s more descriptive–you’re sending the name of a
category, so params[:category] would describe that perfectly.

Jeff C.man


#10

Will Jessup wrote:

Jeff,

Thanks a bunch. I knew about the SQL injection (read it in the API later
that night after I posted)

I wasn’t sure that its OK to put that logic in the controller, so that
is fine?

THanks!

That kind of logic is exactly right for the controller. Hope it works
out!

Jeff C.man


#11

Jeff,

Thanks a bunch. I knew about the SQL injection (read it in the API later
that night after I posted)

I wasn’t sure that its OK to put that logic in the controller, so that
is fine?

THanks!


#12

Jeff, What about this.

I now have my paginator attached to a sorter.

def list
@sorter = SortingHelper::Sorter.new self, %w(id name created_on
category_id), @params[‘sort’], @params[‘order’], ‘id’, ‘ASC’
@pages = Paginator.new self, Item.count, 10, @params[‘page’]
if (params[:category])
@items = Item.find(:all, :conditions => [ “items.category_id
= ?”, params[:category]]), @sorter.to_sql, @pages.current.to_sql
else
@items = Item.find_all nil, @sorter.to_sql,
@pages.current.to_sql
end
end

This doesn’t return any results, it seems. I get an error on the next
page when trying to call <%= item.name %> says ‘name’ doesn’t exist.

How can i check how many results are returned? (like mysql_num_rows)?