Forum: Ruby on Rails paginate session problem.. (syntax question)

Jason K. Jackson (Guest)
on 2006-06-10 23:45
(Received via mailing list)
I have this code in my controller and I cannot seem to figure out how to
get it to paginate correctly..  Is there a trick to do something like this?
There are a few others at www.rubyonrailsforum.com that are having the
same issue.  Any insight would be great, thanks in advance!



  def display_location
    if params[:search] && params[:search].size > 0
      @listing_pages, @listings = paginate (:listings,
      :per_page => 10,
      :order => "budget desc")
      locations = (params[:search] || {:default => "someplace"}).values.map{ |x| '"' + x + '"' }
      conditions = '["station = ?", ' + locations.join(",") + "]"
      @listings = Listing.find(:all, :conditions => "station IN (" + locations.join(",") + ")")
    else
      flash[:notice] = "There are no listings in this search"
    end
  end
Pete Yandell (pete)
on 2006-06-12 04:20
(Received via mailing list)
Jason,

On 11/06/2006, at 7:42 AM, Jason K. Jackson wrote:

> I have this code in my controller and I cannot seem to figure out
> how to get it to paginate correctly..  Is there a trick to do
> something like this?  There are a few others at
> www.rubyonrailsforum.com that are having the same issue.  Any
> insight would be great, thanks in advance!
>
>   def display_location
>     if params[:search] && params[:search].size > 0

Here you generate a paginated value for @listings:

>       @listing_pages, @listings = paginate (:listings,
>       :per_page => 10,
>       :order => "budget desc")
>       locations = (params[:search] || {:default => "someplace"}).values.map{ |x| '"' + x + '"' }
>       conditions = '["station = ?", ' + locations.join(",") + "]"

And here you overwrite it with every record from your query:

>       @listings = Listing.find(:all, :conditions => "station IN (" + locations.join(",") + ")")

You also set the conditions variable and then never use it, plus
you've opened yourself up to an SQL injection attack with the way you
generate your conditions.

You probably want:

   @listing_pages, @listings = paginate(
     :listing, :per_page => 10,
     :conditions => ["station IN (?)", (params[:search] || {:default => "someplace"}).values],
     :order => "budget DESC"
   )

(I'm not sure if the brackets should be around the question mark in
the conditions...if it doesn't work the way I've written it, try
removing the brackets.)

Pete Yandell
http://9cays.com
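
The two ways of building the `station IN (...)` condition discussed in this thread, compared side by side as an added example that is not part of the original posts and is not Rails code. `quote`, `expand_in` and `skeleton` are hypothetical helpers (`quote`/`expand_in` are a simplified stand-in for placeholder expansion), and the search values are constructed.

```ruby
# Added example; quote, expand_in and skeleton are hypothetical helpers, not Rails code.

# The question's approach: wrap each value in double quotes by hand.
def concatenated_in(values)
  locations = values.map { |x| '"' + x + '"' }
  "station IN (" + locations.join(",") + ")"
end

# Simplified stand-in for what a "?" placeholder does with a value: quote it and
# double any embedded quote. Real adapters also handle backslashes and encodings,
# so in an application use the framework's placeholder, not this helper.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expand a single "?" with a quoted, comma-separated list, as an Array bind does.
def expand_in(template, values)
  raise ArgumentError, "expected exactly one ?" unless template.count("?") == 1
  list = Array(values).map { |v| quote(v) }.join(",")
  template.sub("?") { list }   # block form: no backslash substitution in list
end

# Replace every string literal with "?" so only the statement's structure remains.
def skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'|"(?:[^"]|"")*"/, "?")
end

# Constructed search values: two ordinary names and one containing a double quote.
samples = [["Central"], ["Central", "O'Hare"], ['x") OR ("1"="1']]

samples.each do |values|
  by_hand = concatenated_in(values)
  bound   = expand_in("station IN (?)", values)
  puts "values:       #{values.inspect}"
  puts "concatenated: #{by_hand}"
  puts "  structure:  #{skeleton(by_hand)}"
  puts "placeholder:  #{bound}"
  puts "  structure:  #{skeleton(bound)}"
  puts
end
```

For the third value the concatenated condition's structure changes from `station IN (?)` to `station IN (?) OR (?=?)`, while the placeholder form stays `station IN (?)` with the whole value inside one literal.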