Advanced Search In Ruby on Rails

Hi all,
I am working with Ruby on Rails, and I am having a problem with advanced
search using multiple checkboxes and multiple radio buttons. When I submit,
it doesn't show the result. So I hope all of you will try and take the
time to do it for me. Regards, and thanks in advance!

   sincerely
         khim

Could you paste in some of your code? What example are you using?

Khim Sreang wrote:

Hi all,
I am working with Ruby on Rails, and I am having a problem with advanced
search using multiple checkboxes and multiple radio buttons. When I submit,
it doesn't show the result. So I hope all of you will try and take the
time to do it for me. Regards, and thanks in advance!

   sincerely
         khim

heavy interface you got there. still, without your code nobody will be
able to tell you where you went wrong.

<%= stylesheet_link_tag 'dynamicStyling' %>

You’re going have to trim this down a lot - people answer questions on
this list out of good will and for most people that doesn’t include
reading 500+ lines of code. I will say this: global variables yuck, I
hope all those * symbols aren’t actually in your code and you are
opening yourself to sql injection
Reduce your problem to a short example (you still haven’t said what it
is that isn’t working) and you might get some help

Fred

With code like this:

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]
  # request values are concatenated straight into the SQL condition string
  @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
    :conditions => "province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
      "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
      "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
      "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
    :order => 'jobNo ASC', :per_page => $per_page
end

you might as well post your database password in public. This is
dangerous code. It allows SQL injection.

It’s pretty clear you come from a PHP world. I suggest you read a few
books on Ruby programming, and google a bit for “rails sql injection.”
Your code is a security nightmare.
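To make the point concrete, here is an added example (not code from the thread) that puts the concatenated `:conditions` string from the controller above next to the placeholder-array form the replies recommend. It runs in plain Ruby with no database: `quote_literal` and `bind_conditions` are stand-ins for what ActiveRecord does when it expands `['... = ?', value]` (doubling an embedded single quote is the quoting rule for string literals; the rest is a simplification). The parameter hashes are constructed for the demo.

```ruby
# Mirrors the posted code: untrusted request values are glued straight into
# the SQL text. Returns the WHERE clause as a String.
def unsafe_conditions(params)
  "province='" + params[:elementprovince] + "' " +
    "or type_of_job='" + params[:elementstype] + "' " +
    "or team_on_job='" + params[:elementteam] + "'"
end

# What the replies recommend: SQL with placeholders plus a separate value
# list. Returns the [sql, *values] array you would pass as :conditions.
def safe_conditions(params)
  ["province = ? or type_of_job = ? or team_on_job = ?",
   params[:elementprovince], params[:elementstype], params[:elementteam]]
end

# Stand-in for the adapter's literal quoting (assumption: a simplified
# version of what ActiveRecord does). The value becomes one single-quoted
# string with any embedded quote doubled, so it cannot end the literal early.
def quote_literal(value)
  return "NULL" if value.nil?
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expands a placeholder array into SQL text, one value per "?".
def bind_conditions(conditions)
  sql, *values = conditions
  sql.gsub("?") { quote_literal(values.shift) }
end

# Cheap sanity check for the demo: an odd number of single quotes means an
# input broke a literal open instead of staying inside it.
def balanced_quotes?(sql)
  sql.count("'").even?
end

# Constructed inputs: a legitimate value containing an apostrophe, and a
# checkbox the user left unchecked (Rails gives nil for a parameter the
# browser never sent).
NAME_WITH_APOSTROPHE = { elementprovince: "O'Brien", elementstype: "PREVENTIVE", elementteam: "TEAM 1" }
MISSING_CHECKBOX     = { elementprovince: "KANDAL",  elementstype: nil,          elementteam: "TEAM 1" }

if __FILE__ == $PROGRAM_NAME
  puts unsafe_conditions(NAME_WITH_APOSTROPHE)               # literal broken open
  puts bind_conditions(safe_conditions(NAME_WITH_APOSTROPHE)) # value stays a literal
  begin
    unsafe_conditions(MISSING_CHECKBOX)
  rescue TypeError => e
    puts "unchecked box with concatenation: #{e.message}"    # "..." + nil raises
  end
  puts bind_conditions(safe_conditions(MISSING_CHECKBOX))     # nil becomes NULL
end
```

Two things fall out of running it. A value as ordinary as `O'Brien` already leaves the concatenated clause with an unbalanced quote, which is the same mechanism an attacker-controlled value would use; the bound form keeps it inside one literal. And an unchecked box arrives as `nil`, so `"..." + nil` raises `TypeError` before any query runs, which is one plausible reason the original poster's search "doesn't show the result". The placeholder form passes `NULL` through instead of crashing.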

=================advanced_search.rhtml=========================

<%= stylesheet_link_tag 'dynamicStyling' %>

<%
if params[:page]
  page = params[:page]
else
  page = 1
end
%>

PSS JOB DESCRIPTION - MODIFY

<% if flash[:notice] %>
<%= flash[:notice] %>
<% end %>

<% form_for :tblpss_description_record, @tblpss_description_record,
   :url => { :action => 'view_detail_job_setup' },
   :html => { :id => 'frm_view_setup', :name => 'frm_view_setup', :method => :get } do |f| %>

TIME

ALL

TODAY

ONE
WEEK

TWO
WEEK

THIS
MONTH

TWO
MONTH

THREE
MONTH

SIX
MONTH

PROVINCE

UNCHECK

ALL

PHNOM PENH

BANTEAY MEANCHEY

BATTAMBANG

KAMPONG CHAM

KAMPONG CHHNANG

KAMPONG SPEU

KAMPONG THOM

KAMPOT

KANDAL

KEP VILLE

KOH KONG

KRATIE

MONDOL KIRI

ODORMEANCHEY

PAILIN

PREAH VIHEAR

PREY VENG

PURSAT

RATTANAKIRI

SIEM REAP

SIHANOUK VILLE

STUNG SRENG

SVAY RIENG

<input type="checkbox" name="elementprovince" value="TAKEO" id="optPROVINCE">

TAKEO

TYPE OF JOB

UNCHECK

ALL

PREVENTIVE

CORRECTIVE

INSTALLATION


OTHER

EQUIPMENT PART

UNCHECK

ALL

ELECTRICITY

GENERATOR

RECTIFIER

BATTERY

AIR CONDITION

OTHER

DOWNTIME

UNCHECK

ALL

YES

NO

STATUS

UNCHECK

ALL


WORKING


PENDING


CLOSE


REJECTED

APPROVAL

UNCHECK

ALL

APPROVED

TEAM

UNCHECK

ALL

TEAM 1

TEAM 2

TEAM 3

TEAM 4

OTHER

STAFF NAME

UNCHECK

ALL

CHANDARA

<input type="checkbox" name="elementstaffname" value="CHAMNAN" id="optSTAFF">

CHAMNAN


CHENG

<input type="checkbox" name="elementstaffname" value="CHINVEY" id="optSTAFF">

CHINVEY


CHHIM


DANO

DSOPHORN


KOSAL


KIMRIM


HEAN


MOASAM


NADA


RUMNEA

<input type="checkbox" name="elementstaffname" value="SOMANIN" id="optSTAFF">

SOMANIN


SOPHY


SOPHAL


SOKHA


SARIN


SOKOUL

<input type="checkbox" name="elementstaffname" value="SAMNANG" id="optSTAFF">

SAMNANG

<input type="checkbox" name="elementstaffname" value="PHEARIT" id="optSTAFF">

PHEARIT


VENG


VANNAK

YOULEANG

<% end %>

<a class="cmd_submit clearfix" onClick="get_check_value();">
SUBMIT
</a>

<a class="cmd_submit clearfix" onClick="javascript:{}">
CANCEL
</a>
================end==================

=============in advancedsearch Controller

def advanced_search
  $elementspro = params[:elementprovince]
  $elementstype = params[:elementstype]
  $elementsequipment = params[:elementsequipment]
  $elementdown = params[:elementdown]
  $elementstatus = params[:elementstatus]
  $elementapproval = params[:elementapproval]
  $elementteam = params[:elementteam]
  $elementstaffname = params[:elementstaffname]
  $frm_view_setup = params[:frm_view_setup]

  @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
    :conditions => "province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
      "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
      "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
      "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
    :order => 'jobNo ASC', :per_page => $per_page
end

On Mar 15, 8:46 am, Michael G. [email protected] wrote:

$elementstaffname = params[:elementstaffname]

you might as well post your database password in public. This is
dangerous code. It allows SQL injection.

It’s pretty clear you come from a PHP world. I suggest you read a few
books on Ruby programming, and google a bit for “rails sql injection.”
Your code is a security nightmare.

==============================

Hi Mr. Michael G.,

Thanks a million for your advice, but I want to use Ruby on Rails
because I only use it on a LAN. My advanced search is the same as
the Search Products that worked in Ruby on Rails too. I
tried my best to do it like that but I still get failures. Now I will show you
a bit of my code in the controller:

def view_detail_job_setup
  if request.get?
    elementdowns = params[:elementdown]
    elementstatus = params[:elementstatus]
    @tblpss_description_records = []
    for elmdown in elementdowns
      case elmdown
      when "ALL"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :order => 'jobNo ASC', :per_page => $per_page
        break
      when "YES"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      when "NO"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      else
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='YES' and sitedown='NO'", :order => 'jobNo ASC', :per_page => $per_page
        break
      end
    end
  end
end

So can you give me more advice about it?

Thanks in advance

Please, please, please

use readable names for your variables or class names.

What does TblpssDescriptionRecord mean?

I tried to rewrite it to help you but it's really too ugly and really
doesn't mean anything.

STOP reassigning your params vars, use:

params[:elementdown].each do |element_down|

end if params[:elementdown]

And why do you repeat your find in each when?
Why not:

conditions = case xxx
  when … then nil
  when … then ['sitedown = ?', element_down]
end

YourFuckingUnreadableModel.paginate(:conditions =>
conditions, :per_page => per_page, :page => page)

hu?

You should learn coding before ruby or rails.

You should really read the basics about variable types in Ruby.
All your $… vars are globals. It's not threadsafe and really ugly.

You should really learn to give readable names to your vars

(ex: params[:elements][:province]).

Why

$elementspro = params[:elementprovince]
# …
:conditions => "province=" + $elementspro

instead of

:conditions => "province=" + params[:elementprovince]

??? Your code will be more readable and threadsafe.

Why

:conditions => "province=" + $element

instead of

:conditions => ['province = :elementprovince', params]

??? Your code will be more readable AND SAFE!!!

I agree with Michael, you clearly come from PHP. Ruby is not PHP.
First, there are threads, like in any other proper language, and it means
you have to deal with them.
Second, in Rails, good practice is often (always?!) simpler to
use than bad practice. Every Rails tutorial uses good SQL practice, why
not you?

Even your html is ugly.

  • Instead of millions of checkboxes, use multiple lists
  • Don’t write your javascript in your html page
  • Don’t use divs (or anything else) out of body
  • Don’t declare body anywhere else than in your layouts
  • Don’t use logic in view (page = params[:page]) => will_paginate
    handle nil params[:page] for you
  • Use cool syntax like: page = params[:page] || 1
  • Don’t use table, unless for tabular data presentation (table is a
    table, not a visual tool)
  • Don't use style properties in html, use css in separate css file(s)

NEVER USE GLOBAL VARS! It's really rare that you can justify using
them.
I think you're clearly not ready to use MVC and OOP, go read the manuals.
You just proved, once again, that most PHP coders suck.
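The advice in the last two replies (no globals, no reassigned params, `page = params[:page] || 1`, one find driven by a `case` that yields a conditions array with placeholders) can be collected into a small controller helper. The following is an added example and not code from the thread or from any of its posters. It is plain Ruby with no Rails loaded: the parameter and column names come from the form and controller posted above, the input hash is constructed to stand in for Rails' `params`, and it goes slightly beyond the reply by handling every checkbox group of the form at once. Two choices are assumptions of this example: groups are combined with `AND` (the original used `or`), and a checked `ALL` box or an absent group means "no restriction". With ActiveRecord, an array bound to a `?` placeholder expands to a quoted, comma-separated list, which is what makes `column IN (?)` work.

```ruby
# Allow-list of filterable columns, keyed by the form's parameter names.
# Column names only ever come from this constant, never from the request,
# so interpolating them into the SQL text below is safe.
FILTER_COLUMNS = {
  elementprovince:   "province",
  elementstype:      "type_of_job",
  elementsequipment: "equipment_part",
  elementdown:       "sitedown",
  elementstatus:     "job_status",
  elementteam:       "team_on_job",
  elementstaffname:  "RecorderName",
}.freeze

# Conditions for one checkbox group. Array() normalises the three shapes a
# group can arrive in: nil (nothing checked), one String, or an Array.
# Returns nil when the group must not restrict the result, otherwise
# ["column IN (?)", values] for ActiveRecord to bind.
def group_conditions(column, raw_values)
  values = Array(raw_values)
  case
  when values.empty?          then nil   # group never sent by the browser
  when values.include?("ALL") then nil   # "ALL" checked: no restriction
  else ["#{column} IN (?)", values]
  end
end

# Combines the per-group clauses into a single placeholder array, or nil
# when nothing restricts the result (paginate accepts :conditions => nil).
def build_conditions(params)
  clauses = FILTER_COLUMNS.map do |param_name, column|
    group_conditions(column, params[param_name])
  end.compact
  return nil if clauses.empty?
  [clauses.map(&:first).join(" AND "), *clauses.map(&:last)]
end

# The options hash the action would hand to paginate: no globals, params
# read in place, nil page handled with ||, order fixed by the code.
def search_options(params)
  {
    page:       params[:page] || 1,
    conditions: build_conditions(params),
    order:      "jobNo ASC",
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: two provinces and the "YES" downtime box checked.
  p search_options(elementprovince: ["KANDAL", "TAKEO"], elementdown: ["YES"])
  # Constructed request: nothing checked at all.
  p search_options({})
end
```

In the real action the result is simply `TblpssDescriptionRecord.paginate(search_options(params))`; the quoting of every value, apostrophes included, is left to ActiveRecord because the values never touch the SQL string.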