[英]Grails controller - link to select element from .gsp file
So, I'm working on this grails application to create a web dashboard. 因此,我正在使用该grails应用程序来创建Web仪表板。 So far, I have created a controller that queries metrics from my database and renders it as a JSON file, which I feed to d3 and other javascript libraries on the front end gsp file.
到目前为止,我已经创建了一个控制器,可以从数据库中查询指标并将其呈现为JSON文件,然后将其馈送到前端gsp文件中的d3和其他JavaScript库。
My question is this: I have a certain drop down menu on my front end as follows: 我的问题是:我的前端有一个特定的下拉菜单,如下所示:
<select onchange="loadData()" id="metric" class="dropdown">
<option value ="sales">Sales</option>
<option value ="visits">Visits</option>
</select>
And my corresponding controller, in its simplest form, has the following actions: (Importing grails.converters and groovy.sql.sql) 最简单的形式对应的控制器具有以下操作:(导入grails.converters和groovy.sql.sql)
def dataSource
def listJson = {
def sql = new Sql(dataSource)
def rows = sql.rows("select date_hour, total_revenue as sales, visits from table")
sql.close()
render rows as JSON
}
The problem now is, I have a bunch of drop down menus, and quite a lot of options in each, for each of which, if I did as above, I would have to create a new json file for d3 to use. 现在的问题是,我有一堆下拉菜单,每个菜单中都有很多选项,对于每个选项,如果按上述方法操作,则必须为d3创建一个新的json文件才能使用。 Instead, can't I somehow insert the value of the option from the select element above, into the sql statement in the controller?
相反,我不能以某种方式将上述select元素中的option值插入控制器的sql语句中吗?
Something like the one below, but I don't know if it's possible, and if it is, the right syntax. 类似于下面的内容,但我不知道这是否可行,如果正确,语法是否正确。 I'm using grails 2.3.4 right now.
我现在正在使用grails 2.3.4。
def listJson = {
def sql = new Sql(dataSource)
def rows = sql.rows("select date_hour, total_revenue as sales, ${index #metric} from table")
sql.close()
render rows as JSON
}
where index is my index.gsp file (where the select option is), and #metric, the id of the element. 其中index是我的index.gsp文件(其中select选项位于其中),而#metric是元素的ID。
Thanks in advance! 提前致谢!
You can get the value of the select from params
in your controller. 您可以从控制器的
params
中获取选择的值。 For example: 例如:
def listJson = {
def metric = params.metric
// build query...
def query = "... ${metric} ..."
}
However, I'd advise against building a SQL query like this. 但是,我建议不要构建这样的SQL查询。 Any time you accept user input as part of a SQL query it provides a huge opportunity for SQL injection attacks.
每当您接受用户输入作为SQL查询的一部分时,它都会为SQL注入攻击提供巨大的机会。 Why not use a higher level database abstraction like GORM?
为什么不使用像GORM这样的更高级别的数据库抽象呢? Also note that groovy uses different parameter expansion in SQL queries than regular strings to generate for PreparedStatements.
还要注意,groovy在SQL查询中使用与常规字符串不同的参数扩展来为PreparedStatement生成。 You'd need to write your example like this:
sql.rows("select date_hour, total_revenue as sales, " + metric + " from table")
您需要像这样编写示例:
sql.rows("select date_hour, total_revenue as sales, " + metric + " from table")
Finally, while it depends on how you're submitting the request in loadData()
, the usual convention for HTML input elements is to submit the value with the element name
attribute as the key, not the id
. 最后,虽然这取决于您如何在
loadData()
提交请求,但是HTML输入元素的通常约定是使用元素name
属性作为键而不是id
来提交值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.