I rearranged your code to make is a little shorter, faster and
eliminate XSS vulnerability:
def ajaxlivesearch():
resultadoParcial = request.vars.values()[0]
array = resultadoParcial.split()
query = reduce(lambda a,b:a&b, [db.Paciente.like('%'+a+'%')
for a in array])
pacientes = db(query).select(db.Paciente.nombre,limitby=(0,7))
j = 0
items = [A(pacient.nombre,
_href="res%s"%j,
_onclick="copyToBox(jQuery('#res%s').html
()"%j) \
for (j,patience) in enumerate(pacientes)]
return DIV(_id="resultLiveSearch",*items)
You code was not working probably because the you were returning a
list, instead of one of a dict() or string. If you return an iterable
(like a list) web2py thinks you want to do streaming.
Moreover every time you find yourself manipulating string to build
HTML like in '<div...' some is wrong. You are putting yourself at risk
of XSS vulnerabilities or just does not work because web2py escaped it
by default: '%ltg;div...'.
Let us know if this fixes your problem.
On Jan 20, 9:57 am, Mandriluy <[email protected]> wrote:
> Hey guys, im new to Web2Py AND python ... my goal was to learn python
> while i move a site i did in php to web2py and im almost finishing :D
>
> Im stuck a bit with ajax and partial queries , im going to detail a
> bit what i mean about partial queries.
>
> I have a field in the DB that has multiple text (yeah thats not
> relational definition) ... imagine i have a field called Name where i
> store the full name of a person. First Name , Second Name, Surname ,
> Second Surname, etc..
>
> What i want is to live search with ajax that DB field so if i write
> the first name it matches and second name also, and so on.
>
> What i did for that an array splitted by spaces and then what i need
> is a way i can use AND with LIKE ... the way i saw in the
> documentation (db.Table.name.like('%array[0]%''))&(db.Table.name.like
> ('%array[1]%'')) is not working for me.. im using ajax the same way i
> use it for PHP not using the ajax html file is providen.. im using my
> own files.
>
> I have to say its working without the AND so it works for the first
> name pretty well :-) . I will share my code commented because i write
> some part in spanish.
>
> def ajaxlivesearch():
> resultadoParcial = request.vars.values()[0] #I store the partial
> result the user is typing on the textbox
> array_resultadoParcial = resultadoParcial.split(' ') # i split with
> spaces and store in a list / array
>
> #so if the user type his first name.. the array has 1 item or
> none and this works like a charm
> if len(array_resultadoParcial) <= 1:
> query =
> db.Paciente.nombre.like('%'+array_resultadoParcial[0]+'%')
> else: #if the array has more items i will iterate it but i need to
> use the AND to "join" every iteration
> for index in range(0,len(array_resultadoParcial)-1):
> query = query &
> db().Paciente.nombre.like('%'+array_resultadoParcial
> [index]+'%')
>
> pacientes = db(query).select(db.Paciente.nombre,limitby=(0,7))
> j = 0
> retorno = []
> for paciente in pacientes: #i iterate into the query result object
> and return a list of data
> retorno.append('<div id="resultLiveSearch"><a href="#"
> id="res'+str
> (j)+'" onclick="copyToBox(document.getElementById(\'res'+str(j)
> +'\').innerHTML)">'+paciente.nombre+'</a></div>')
> j+=1
> return retorno
>
> Thanks in advanced :-)
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
