Hi all,
I am working with Ruby on Rails, and now I am having a problem with an
advanced search using multiple checkboxes and multiple radio buttons. When
I submit, it doesn’t show the result. So I hope all of you will try and take
the time to do it for me. Regards, and thanks in advance!
Could you paste in some of your code? What example are you using?
You’re going to have to trim this down a lot - people answer questions on
this list out of good will and for most people that doesn’t include
reading 500+ lines of code. I will say this: global variables yuck, I
hope all those * symbols aren’t actually in your code and you are
opening yourself to SQL injection.
Reduce your problem to a short example (you still haven’t said what it
is that isn’t working) and you might get some help.
You might as well post your database password in public. This is
dangerous code. It allows SQL injection.
It’s pretty clear you come from a PHP world. I suggest you read a few
books on Ruby programming, and google a bit for “rails sql injection.”
Your code is a security nightmare.
==============================
Hi Mr. Michael G.
Thanks a million for your advice, but I want to use Ruby on Rails
because I just use it on a LAN only. My advanced search is the same as Search Products, which worked in Ruby on Rails too. I
try my best to do it like that but I still get failures. Now I will show you
a bit of my code in the controller:
def view_detail_job_setup
  if request.get?
    elementdowns = params[:elementdown]
    elementstatus = params[:elementstatus]
    @tblpss_description_records = []
    for elmdown in elementdowns
      case elmdown
      when "ALL"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :order => 'jobNo ASC', :per_page => $per_page
        break
      when "YES"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      when "NO"
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
        break
      else
        @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
          :conditions => "sitedown='YES' and sitedown='NO'", :order => 'jobNo ASC', :per_page => $per_page
        break
      end
    end
  end
end
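An added example, not part of any post in this thread: the string-concatenated :conditions style from the controller above, next to an allow-listed, placeholder-based conditions array for the same checkbox filter. The column `sitedown` and the values ALL/YES/NO come from the posted code; the helper names and sample inputs are assumptions.

```ruby
# Added example, not code from the thread. The column `sitedown` and the values
# ALL/YES/NO come from the posted controller; the helper names are assumptions.

SITEDOWN_FILTERS = %w[YES NO].freeze

# The posted style: the request value is spliced into the SQL text itself.
def concatenated_condition(value)
  "sitedown='" + value + "'"
end

# Allow-list the checkbox values and return a Rails-style conditions array.
# The values travel as bind parameters, so ActiveRecord quotes them and they
# are never parsed as SQL. Returns nil when no filter applies.
def sitedown_conditions(raw)
  values = Array(raw).map(&:to_s).uniq
  rejected = values - SITEDOWN_FILTERS - ["ALL"]
  unless rejected.empty?
    raise ArgumentError, "unexpected sitedown value(s): #{rejected.inspect}"
  end
  return nil if values.empty? || values.include?("ALL")
  ["sitedown IN (?)", values]
end

# Constructed sample inputs, standing in for params[:elementdown].
if __FILE__ == $PROGRAM_NAME
  p concatenated_condition("N'A")        # stray quote ends the literal early
  p sitedown_conditions(%w[YES NO YES])
  p sitedown_conditions(%w[ALL YES])
  begin
    sitedown_conditions(["N'A"])
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

In the controller, the result would be passed as `:conditions => sitedown_conditions(params[:elementdown])` to the existing `paginate` call.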
I agree with Michael, you clearly come from PHP. Ruby is not PHP.
First, there are threads, like in any other correct language, and it means
you have to deal with them.
Second, in Rails, every good practice is often (always?!) simpler to
use than bad practice. Every Rails tutorial uses good SQL practice, why
not you?
Even your HTML is ugly.
Instead of millions of checkboxes, use multiple lists
Don’t write your JavaScript in your HTML page
Don’t use divs (or anything else) outside of body
Don’t declare body anywhere other than in your layouts
Don’t use logic in the view (page = params[:page]) => will_paginate
handles nil params[:page] for you
Use cool syntax like: page = params[:page] || 1
Don’t use tables, unless for tabular data presentation (a table is a
table, not a visual tool)
Don’t use style properties in HTML, use CSS in separate CSS file(s)
NEVER USE GLOBAL VARS! It’s really rare that you can justify using
them.
I think you’re clearly not ready to use MVC and OOP, go read manuals.
You just proved, another time, that most PHP coders suck.