Re: filtering "tags" via checkboxes - HABTM


#1

Many hanks to Joel and Pat for their insight. My modifed version:

MOODS_CONTROLLER.RB

def results
mood_id = params[:mood_id].join(", ")
@moods = Mood.find(:all, :conditions => “id in (#{mood_id})”)
end

RESULTS.RHTML

<% for mood in @moods %>
<%= mood.name %>


    <% mood.tracks.each do |track| %>
  • <%= track.title %>

  • <%end%>



<%end%>

Cheers!
Don C.


#2

As Ezra pointed out, this leaves you vulnerable to SQL injection
attacks. You need to use the [] and placeholders, not sure what the
idiom is called :slight_smile:

  mood_id = params[:mood_id].join(", ")
  @moods = Mood.find(:all, :conditions => ["id in (?)", mood_id])

I’ve never used his ezwhere plugin, but it might be worth looking into.

Pat