I don't even know how to explain the weirdness of this one except to show the query it's making when it displays the error:

http://www.customlasercutting.com/site/info/materials

Scroll down to the yellow "Materials search too" box and try selecting, say... black AND black top white core (under colors). Normally the query uses IN, not LIKE, but so I could see the query, I made it like that.

Notice how it puts %2520 for spaces (or %252F for /)? It messes up the query, obviously. How would I tell it to output a " " instead of %2520?

Also, it only does it when multiple items are selected. If you select JUST one item with spaces, it works.

Ruby code: http://pastie.caboo.se/69978
Select boxes: http://pastie.caboo.se/69979

Any help with this would be greatly appreciated! Thanks in advance.
on 2007-06-13 03:29
on 2007-06-13 04:38
Brandon Robison wrote:
> query, obviously. How would I tell it to output a " " instead of %2520?
>
> Also, it only does it when multiple items are selected. If you select
> JUST one item with spaces, it works
>
> Ruby code: http://pastie.caboo.se/69978
> Select boxes: http://pastie.caboo.se/69979
>
> Any help with this would be greatly appreciated! Thanks in advance.
>

(Sorry--this may be a double send.)

Brandon,

I notice that when a space is converted to URL characters, it becomes %20. When a percent sign is converted, it becomes %25. So you get %2520 when you attempt to convert " " twice:

" " -> "%20" -> "%2520"

The same is true of the conversion for "/". I don't see where these conversions are taking place, but knowing what's wrong may be enough for you to find it.

However, I think something else is wrong with your queries, because selecting two items never seems to work, regardless of whether they contain spaces.

Dan
on 2007-06-13 21:54
On the security side of things you might want to code some input validation routines. I can't see all of your code or the back parts of it, but it appears that you might be leaving yourself open to SQL injection attacks.

- Nathan
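Added example, not code from the thread or from the poster's application: it reproduces the " " -> "%20" -> "%2520" double encoding Dan describes, then shows the input validation Nathan suggests by decoding once, checking against an allowlist, and building the IN condition with bind placeholders. The allowlist contents, the `color` column name and all function names are assumptions made for illustration.

```ruby
require 'uri'

# Constructed allowlist; the site's real option values are not on the page.
ALLOWED_COLORS = ['black', 'black top white core', 'red/white'].freeze

# Percent-encode once, writing a space as %20 as in the failing query.
def encode_once(value)
  URI.encode_www_form_component(value).gsub('+', '%20')
end

# Number of decode passes until the value stops changing (nil if malformed).
# 0 or 1 is normal; 2 or more means something upstream encoded it again.
def encoding_depth(raw, limit = 5)
  depth = 0
  while depth < limit
    decoded = URI.decode_www_form_component(raw)
    break if decoded == raw
    raw = decoded
    depth += 1
  end
  depth
rescue ArgumentError
  nil
end

# Decode exactly once, then accept only values on the allowlist. A leftover
# "%20" (double encoding) or any unexpected text is rejected here instead of
# reaching the SQL string.
def validated_colors(wire_values)
  wire_values.map do |raw|
    value = URI.decode_www_form_component(raw)
    unless ALLOWED_COLORS.include?(value)
      raise ArgumentError, "unexpected colour value: #{value.inspect}"
    end
    value
  end
end

# Build an IN condition with one placeholder per value. The column name is a
# constant chosen in code (hypothetical here); the values travel as bind
# parameters and are never interpolated into the SQL text.
def in_condition(column, values)
  raise ArgumentError, 'no values' if values.empty?
  ["#{column} IN (#{(['?'] * values.size).join(', ')})", *values]
end
```

The array returned by `in_condition` has the shape of a placeholder-style conditions array, so the selected values are passed to the database driver separately from the query text.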