In short, I’m looking for a way to grab a string from a database and use
it as code in my Rails app. I understand the security implications, but
it’s still what I want to do (and I don’t know what other options I
have!).
I have an ecommerce site that I’m working on, and I want users to be
able to narrow search results using filters. The filters are set up in
the database so that each has a filter_key and filter_value. These are
added to a hash that then fetches items that meet the desired criteria.
Specifically, here’s what it looks like:
    @active_filters.each_value do |a|
      @filters[a.filter_key] = a.filter_value
    end
@active_filters is a hash. @filters is used in the item lookup
elsewhere. In the database, one filter_key is “our_price” (also a
column in the items table), and the corresponding value is a range:
101…300. If I put the range into the code directly, the item lookup
contains a “WHERE items.our_price BETWEEN 101 AND 300” statement.
However, when the filter_value is returned, the statement is “WHERE
items.our_price = ‘101…300’”, obviously not what I’m looking for.
Does anybody have any suggestions for how to do this? …or what I
should be doing instead? I really appreciate it. My first “real” Rails
app has grown into a monster!
Thanks.
-Kyle
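
One way to get the BETWEEN lookup without evaluating the stored string as code, as an added example that is not part of the original post: parse filter_value strictly into a Range and accept only allowlisted filter_key names. The Filter struct, ALLOWED_FILTER_KEYS, the "brand" column and the sample rows are assumptions, and the range is assumed to be stored with plain ASCII dots ("101..300").

```ruby
# Added example, not code from the original post.
# Filter stands in for the database rows; only filter_key and filter_value come from the post.
Filter = Struct.new(:filter_key, :filter_value)

# Assumed allowlist of filterable columns; "our_price" is from the post, "brand" is hypothetical.
ALLOWED_FILTER_KEYS = %w[our_price brand].freeze

# Matches "101..300" (inclusive) or "101...300" (exclusive end), integers or decimals.
RANGE_PATTERN = /\A(-?\d+(?:\.\d+)?)(\.{2,3})(-?\d+(?:\.\d+)?)\z/

def to_number(text)
  text.include?(".") ? Float(text) : Integer(text, 10)
end

# Turns a stored string into a Range, or returns it unchanged as a plain string.
# Nothing is evaluated: anything that is not a strict numeric range stays data.
def parse_filter_value(raw)
  match = RANGE_PATTERN.match(raw.to_s.strip)
  return raw unless match

  low = to_number(match[1])
  high = to_number(match[3])
  raise ArgumentError, "range bounds reversed: #{raw}" if low > high

  Range.new(low, high, match[2] == "...")
end

# Builds the conditions hash, skipping any key outside the allowlist.
def build_filters(active_filters)
  active_filters.each_value.with_object({}) do |filter, conditions|
    next unless ALLOWED_FILTER_KEYS.include?(filter.filter_key)

    conditions[filter.filter_key] = parse_filter_value(filter.filter_value)
  end
end

# Constructed sample rows, including a value that eval would have executed
# and a key that is not a filterable column.
SAMPLE_FILTERS = {
  1 => Filter.new("our_price", "101..300"),
  2 => Filter.new("brand", "exit!"),
  3 => Filter.new("admin", "true")
}.freeze
```

Passing the resulting hash to the item lookup gives the finder a real Range for our_price, while every other value stays an ordinary bound string.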