Forum: Ruby on Rails Re: filtering "tags" via checkboxes - HABTM

Don Cento (Guest)
on 2006-02-23 20:53
(Received via mailing list)
Many thanks to Joel and Pat for their insight. My modified version:

MOODS_CONTROLLER.RB

def results
  mood_id = params[:mood_id].join(", ")
  @moods = Mood.find(:all, :conditions => "id in (#{mood_id})")
end

RESULTS.RHTML

<% for mood in @moods  %>
	<b><%= mood.name %></b>
	<ul>
		<% mood.tracks.each do |track| %>
			<li><%= track.title %></li>
		<%end%>
	</ul>
	<hr>
<%end%>

Cheers!
Don C.
Pat Maddox (pergesu)
on 2006-02-23 21:15
(Received via mailing list)
As Ezra pointed out, this leaves you vulnerable to SQL injection
attacks.  You need to use the [] and placeholders, not sure what the
idiom is called :)

      # Pass the array itself; Rails quotes each element of a bound array.
      # A pre-joined string would be quoted as one single value.
      @moods = Mood.find(:all, :conditions => ["id in (?)", params[:mood_id]])

I've never used his ezwhere plugin, but it might be worth looking into.

Pat
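
Added example, not part of the original thread: the difference between interpolating the checkbox values and binding them, shown on the WHERE clause each approach produces. The quote and bind helpers are simplified stand-ins for ActiveRecord's placeholder quoting (an assumption, so this runs without Rails), and GOOD/BAD are constructed sample parameters.

```ruby
# Quote one value as a SQL literal: integers bare, anything else as a
# string with embedded single quotes doubled.
def quote(value)
  return value.to_s if value.is_a?(Integer)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each ? with its quoted value; an Array expands to a quoted list.
def bind(sql, *values)
  raise ArgumentError, "bind count mismatch" unless sql.count("?") == values.size
  rest = values.dup
  sql.gsub("?") do
    v = rest.shift
    v.is_a?(Array) ? v.map { |e| quote(e) }.join(",") : quote(v)
  end
end

# Interpolation: request text becomes part of the SQL grammar.
def interpolated(ids)
  "id in (#{ids.join(', ')})"
end

# Binding a pre-joined string: safe, but the whole list is ONE value.
def bound_joined(ids)
  bind("id in (?)", ids.join(", "))
end

# Binding the array: every element is quoted on its own.
def bound_array(ids)
  bind("id in (?)", ids)
end

# Stricter still (assumes ids are integers): reject anything non-numeric.
def integer_ids(ids)
  Array(ids).map { |v| Integer(v.to_s, 10) }
end

GOOD = %w[1 2 3]              # constructed: what the checkboxes submit
BAD  = ["1", "2) OR (1=1"]    # constructed: a tampered mood_id[] value

if __FILE__ == $0
  puts "interpolated: #{interpolated(BAD)}"   # condition rewritten by input
  puts "bound array:  #{bound_array(BAD)}"    # input stays inside a literal
  puts "bound joined: #{bound_joined(GOOD)}"  # one string, not three ids
  puts "integer ids:  #{bound_array(integer_ids(GOOD))}"
end
```
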