Querying MySQL from a select box form

I don’t even know how to explain the weirdness of this one except to
show the query it’s making when it displays the error

http://www.customlasercutting.com/site/info/materials

Scroll down to the yellow “Materials search too” box and try selecting,
say… black AND black top white core (under colors). Normally the query
uses IN, not LIKE, but so I could see the query, I made it like that.

Notice how it puts %2520 for spaces (or %252F for /)? It messes up the
query, obviously. How would I tell it to output a " " instead of %2520?

Also, it only does it when multiple items are selected. If you select
JUST one item with spaces, it works

Ruby code: http://pastie.caboo.se/69978
Select boxes: http://pastie.caboo.se/69979

Any help with this would be greatly appreciated! Thanks in advance.

(Sorry–this may be a double send.)
Brandon,

I notice that when a space is converted to URL characters, it becomes
%20. When a percent sign is converted, it becomes %25. So you get %2520
when you attempt to convert " " twice: " " -> “%20” -> “%2520”

The same is true of the conversion for “/”.

I don’t see where these conversions are taking place, but knowing what’s
wrong may be enough for you to find it. However, I think something else
is wrong with your queries, because selecting two items never seems to
work, regardless of whether they contain spaces.

Dan

On the security side of things you might want to code some input
validation routines. I can't see all of your code or the back parts of
it, but it appears that you might be leaving yourself open to SQL
injection attacks.

Nathan
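Both replies above can be checked in code. The following is an added example, not Brandon's pastie and not anything from the site; it reproduces Dan's double-encoding diagnosis (a value escaped twice yields %2520 and %252F), measures how many encoding layers a submitted value carries, and then builds the multi-value IN query the way Nathan is asking for: values validated against a known list and passed as bind parameters rather than interpolated. The function names, the KNOWN_COLORS list and the sample inputs are all constructed for this illustration.

```ruby
require 'erb'
require 'cgi'

# Reproduce the symptom: escaping a value twice turns each space into
# %2520 and each "/" into %252F, exactly what the query in the post showed.
def encode_twice(value)
  ERB::Util.url_encode(ERB::Util.url_encode(value))
end

# How many layers of percent-encoding a submitted value carries.
# 0 means plain text, 1 is ordinary form data, 2 is the bug in this thread.
def encoding_depth(value, max_rounds: 5)
  depth = 0
  max_rounds.times do
    decoded = CGI.unescape(value)
    break if decoded == value
    value = decoded
    depth += 1
  end
  depth
end

# Peel off every encoding layer, bounded so a hostile value cannot make the
# loop spin. The real fix is to stop encoding twice; use this to locate it.
def fully_unescape(value, max_rounds: 5)
  max_rounds.times do
    decoded = CGI.unescape(value)
    return decoded if decoded == value
    value = decoded
  end
  value
end

# Constructed allow-list standing in for the site's real colour options.
KNOWN_COLORS = ['black', 'black top white core', 'white', 'red/white'].freeze

# Defence in depth: keep only values that match a known option.
def validate_colors(colors, allowed = KNOWN_COLORS)
  colors.select { |c| allowed.include?(c) }
end

# The risky pattern: user-controlled values interpolated straight into SQL.
def unsafe_color_query(colors)
  list = colors.map { |c| "'#{c}'" }.join(', ')
  "SELECT * FROM materials WHERE color IN (#{list})"
end

# Safe form: one "?" placeholder per value; the values travel separately
# as bind parameters, so quotes inside them cannot change the query.
def safe_color_query(colors)
  raise ArgumentError, 'no colors selected' if colors.empty?
  placeholders = Array.new(colors.size, '?').join(', ')
  ["SELECT * FROM materials WHERE color IN (#{placeholders})", colors]
end

# Full pipeline for a multi-select submission: decode, validate, parameterise.
def build_materials_query(submitted)
  colors = validate_colors(submitted.map { |v| fully_unescape(v) })
  safe_color_query(colors)
end

if __FILE__ == $0
  doubled = encode_twice('black top white core')
  puts doubled                  # black%2520top%2520white%2520core
  puts encoding_depth(doubled)  # 2
  puts fully_unescape(doubled)  # black top white core
  puts unsafe_color_query(["black') OR '1'='1' --"])
  p build_materials_query(['black', doubled, "x') OR 1=1 --"])
end
```

In a Rails controller of that era the equivalent of safe_color_query is the array form of :conditions, for example `:conditions => ["color IN (?)", colors]`, which quotes each element of the array for you; the allow-list check still belongs in front of it, because a select box only constrains what the browser offers, not what a client can send.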
