Please, please, please use readable names for your variables or class names.

What does TblpssDescriptionRecord mean? I tried to rewrite it to help you but it's really too ugly and really doesn't mean anything.

STOP reassigning your params vars, use:

  params[:elementdown].each do |element_down|
    ....
  end if params[:elementdown]

And why do you repeat your find on each when? Why not:

  conditions = case xxx
    when ... then nil
    when ... then ['sitedown = ?', element_down]
  end
  YourFuckingUnreadableModel.paginate(:conditions => conditions, :per_page => per_page, :page => page)

Huh?

You should learn coding before ruby or rails.

On 1 Apr, 05:20, khim <[email protected]> wrote:
> On Mar 15, 8:46 am, Michael Graff <[email protected]> wrote:
>
> > With code like this:
> >
> > def advanced_search
> >   $elementspro = params[:elementprovince]
> >   $elementstype = params[:elementstype]
> >   $elementsequipment = params[:elementsequipment]
> >   $elementdown = params[:elementdown]
> >   $elementstatus = params[:elementstatus]
> >   $elementapproval = params[:elementapproval]
> >   $elementteam = params[:elementteam]
> >   $elementstaffname = params[:elementstaffname]
> >   $frm_view_setup = params[:frm_view_setup]
> >   @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
> >     :conditions=>"province='" + $elementspro + "'" + "or type_of_job='" + $elementstype + "'" +
> >     "or equipment_part='" + $elementsequipment + "'" + "or sitedown='" + $elementdown + "'" +
> >     "or job_status='" + $elementstatus + "'" + "or job_status='" + $elementapproval + "'" +
> >     "or team_on_job='" + $elementteam + "'" + "or RecorderName='" + $elementstaffname + "'",
> >     :order => 'jobNo ASC', :per_page => $per_page
> > end
> >
> > you might as well post your database password in public. This is
> > dangerous code. It allows SQL injection.
> >
> > It's pretty clear you come from a PHP world. I suggest you read a few
> > books on Ruby programming, and google a bit for "rails sql injection."
> > Your code is a security nightmare.
>
> ==============================
>
> Hi Mr. Michael Graff,
>
> Thanks a million for your advice, but I want to use Ruby on Rails
> because I just use it in LAN only. My advanced search is the
> same as http://bitnami.org/advanced_search. They worked in Ruby on Rails too. I
> try my best to do it like that but I still get failures. Now I will show you
> a bit of my code in the controller:
>
> def view_detail_job_setup
>   if request.get?
>     elementdowns = params[:elementdown]
>     elementstatus = params[:elementstatus]
>     @tblpss_description_records = []
>     for elmdown in elementdowns
>       case elmdown
>       when "ALL"
>         @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
>           :order => 'jobNo ASC', :per_page => $per_page
>         break
>       when "YES"
>         @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
>           :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
>         break
>       when "NO"
>         @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
>           :conditions=>"sitedown='" + elmdown + "'", :order => 'jobNo ASC', :per_page => $per_page
>         break
>       else
>         @tblpss_description_records = TblpssDescriptionRecord.paginate :page => params[:page],
>           :conditions=>"sitedown='YES' and sitedown='NO'", :order => 'jobNo ASC', :per_page => $per_page
>         break
>       end
>     end
>   end
> end
>
> So can you give me more advice about it?
>
> Thanks in advance
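
The placeholder form of `:conditions` suggested in the reply above, applied to every filter of the quoted advanced_search, is sketched below as an added example that is not code from any poster in this thread. The parameter-to-column mapping and the YES/NO/ALL values are taken from the quoted controllers; the names FILTERS, SITEDOWN_VALUES, concatenated_conditions, placeholder_conditions and SAMPLE are hypothetical.

```ruby
# Added example, not code from the thread. Pure Ruby: it only builds the
# value that would be passed as :conditions, so it runs without Rails.

# Request parameter => column, both taken from the quoted advanced_search.
FILTERS = {
  :elementprovince   => 'province',
  :elementstype      => 'type_of_job',
  :elementsequipment => 'equipment_part',
  :elementdown       => 'sitedown',
  :elementstatus     => 'job_status',
  :elementapproval   => 'job_status',
  :elementteam       => 'team_on_job',
  :elementstaffname  => 'RecorderName'
}.freeze

SITEDOWN_VALUES = %w[YES NO].freeze # "ALL" means: no sitedown filter

# The quoted pattern: request values concatenated into the SQL text.
def concatenated_conditions(params)
  FILTERS.map { |key, column| "#{column}='#{params[key]}'" }.join(' or ')
end

# Placeholder form: the SQL text contains only fixed column names and "?";
# the values travel separately and are quoted by the database adapter.
def placeholder_conditions(params)
  clauses = []
  values = []
  FILTERS.each do |key, column|
    value = params[key].to_s
    next if value.empty?
    if key == :elementdown
      next if value == 'ALL'
      raise ArgumentError, 'unexpected sitedown value' unless SITEDOWN_VALUES.include?(value)
    end
    clauses << "#{column} = ?"
    values << value
  end
  clauses.empty? ? nil : [clauses.join(' OR '), *values]
end

# Constructed sample input: an ordinary name containing an apostrophe.
SAMPLE = { :elementstaffname => "O'Neil", :elementdown => 'YES' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts concatenated_conditions(SAMPLE) # the apostrophe ends the literal early
  p placeholder_conditions(SAMPLE)
end
```

The returned array (or nil when no filter is set) is what would go into the `paginate(:conditions => conditions, ...)` call shown in the reply.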

