Paginate session problem.. (syntax question)


#1

I have this code in my controller and i cannot seem to figure out how to
get
it to paginate correctly… Is there a trick to do something like this?
There are a few others at www.rubyonrailsforum.com that are having the
same
issue. Any insite would be great, thanks in advance!

def display_location
if params[:search] && params[:search].size > 0
@listing_pages, @listings = paginate (:listings,
:per_page => 10,
:order => “budget desc”)
locations = (params[:search] || {:default =>
“someplace”}).values.map{
|x| ‘"’ + x + ‘"’ }
conditions = '[“station = ?”, ’ + locations.join(",") + “]”
@listings = Listing.find(:all, :conditions => “station IN (” +
locations.join(",") + “)”)
else
flash[:notice] = “There are no listings in this search”
end
end


#2

Jason,

On 11/06/2006, at 7:42 AM, Jason K. Jackson wrote:

I have this code in my controller and i cannot seem to figure out
how to get it to paginate correctly… Is there a trick to do
something like this? There are a few others at
www.rubyonrailsforum.com that are having the same issue. Any
insite would be great, thanks in advance!

def display_location
if params[:search] && params[:search].size > 0

Here you generate a paginated value for @listings:

  @listing_pages, @listings = paginate (:listings,
  :per_page => 10,
  :order => "budget desc")
  locations = (params[:search] || {:default =>  

“someplace”}).values.map{ |x| ‘"’ + x + ‘"’ }
conditions = '[“station = ?”, ’ + locations.join(",") + “]”

And here you overwrite it with every record from your query:

  @listings = Listing.find(:all, :conditions => "station IN ("  
  • locations.join(",") + “)”)

You also set the conditions variable and then never use it, plus
you’ve opened yourself up to an SQL injection attack with the way you
generate your conditions.

You probably want:

@listing_pages, @listings = paginate(
:listing, :per_page => 10,
:conditions => [“station IN (?)”, (params[:search] || {:default
=> “someplace”}).values],
:order => “budget DESC”
)

(I’m not sure if the brackets should be around the question mark in
the conditions…if it doesn’t work the way I’ve written it, try
removing the brackets.)

Pete Y.
http://9cays.com