On 6 January 2011 21:34, Jose tomas R. <[email protected]> wrote:
> Colin Law wrote in post #972821:
>> On 6 January 2011 14:25, Jose tomas R. <[email protected]> wrote:
>>
>> Please quote the previous message and insert your comments at the
>> appropriate point, this makes it easier to follow the thread.
>>
>>> I don't need @order as params I need it as a value
>>
>> I have no idea what you mean by that. params[:order] *is* a value.
>> You can say
>> @order = params[:order]
>>
>> If I misunderstand your problem please try to explain again.
>>
>> Colin
>
> So
>
> ---
>
> <th><%= link_to 'cost', :action => 'search', :order_by => 'cost' %></th>
>
> ---
>
> def search
>   @order = params[:order_by]
>   @cars = Car.paginate :page => params[:page], :order => @order
>   respond_to do |format|
>     format.html # index.html.erb
>     format.xml { render :xml => @cars }
>   end
> end
>
> ---
>
> Will order my Cars by its cost?

You do not need me to answer that, your automated tests will tell you
whether it does or not.

However that is a horrible way to do it. Firstly a small point, the
variable @order can just be order, unless you want the variable to be
accessible in the view.

Secondly, however, imagine what would happen if someone sends an HTTP
request with an SQL snippet in :order. That will get inserted into
the SQL of the find and could wreck your database. A better way would
be to test the value of params[:order] for a set of valid values and
use the appropriate order setting in the call to paginate.

Colin
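
Added example, not part of Colin's message or the poster's code: one way to do the check suggested above, passing the `order_by` request value through a fixed table so that only known ORDER BY text ever reaches `paginate`. Only `cost` comes from the thread; the other columns, the `direction` parameter and the default order are assumptions.

```ruby
# Maps the values a client may send to the exact SQL fragment to use.
# The SQL text always comes from this table, never from the request.
SORT_COLUMNS = {
  'cost' => 'cars.cost',
  'make' => 'cars.make',  # assumed column
  'year' => 'cars.year'   # assumed column
}.freeze

SORT_DIRECTIONS = { 'asc' => 'ASC', 'desc' => 'DESC' }.freeze

DEFAULT_ORDER = 'cars.id ASC' # assumed default when the request is not valid

# Returns a safe ORDER BY fragment for untrusted request values.
def safe_order(order_by, direction = nil)
  # Request params can arrive as String, Array or Hash (order_by[]=x);
  # only a String can match the allowlist.
  return DEFAULT_ORDER unless order_by.is_a?(String)

  column = SORT_COLUMNS[order_by] # exact match only, no partial matching
  return DEFAULT_ORDER unless column

  dir = direction.is_a?(String) ? SORT_DIRECTIONS[direction.downcase] : nil
  "#{column} #{dir || 'ASC'}"
end

# In the action from the thread this would replace the direct use of params
# (params[:direction] is a hypothetical extra parameter):
#   order = safe_order(params[:order_by], params[:direction])
#   @cars = Car.paginate :page => params[:page], :order => order

if __FILE__ == $PROGRAM_NAME
  # Constructed request values, including an SQL fragment and a non-String.
  [['cost', 'desc'], ['cost; DROP TABLE cars', nil], [['cost'], 'asc']].each do |by, dir|
    puts "#{by.inspect} / #{dir.inspect} -> #{safe_order(by, dir)}"
  end
end
```

Anything that is not an exact key in the table falls back to the default order instead of raising, so a bad link degrades to an unsorted-looking page rather than an error or an altered query.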

