[英]How can I send a search query(URL params) using text_field in Rails 5?
In Task controller (action index) I have this line:在任务控制器(动作索引)中,我有这一行:
@tasks = Task.where("title LIKE '%#{params[:q]}%'")
In view I have form_tag like this:鉴于我有这样的 form_tag:
= form_tag tasks_path(format: :js), method: :get do |f|
= text_field_tag :q, params[:q]
= submit_tag :Search
And it is works fine, output in terminal:它工作正常,在终端输出:
Started GET "/tasks.js?utf8=%E2%9C%93&q=example&commit=Search" for 127.0.0.1 at 2018-11-08 10:28:37 +0200
Processing by TasksController#index as JS
Parameters: {"utf8"=>"✓", "q"=>"example", "commit"=>"Search"}
Rendering welcome/index.html.haml
Task Load (0.4ms) SELECT "tasks".* FROM "tasks" WHERE (title LIKE '%example%')
But I need to use form_for not form_tag.但我需要使用 form_for 而不是 form_tag。 My form_for form:
我的 form_for 表格:
= form_for tasks_path, method: :get, remote: true do |f|
= f.text_field :q, value: params[:q]
= f.submit :Search
Terminal output:终端输出:
Started GET "/index?utf8=%E2%9C%93&%2Ftasks%5Bq%5D=fdvdfvdfv&commit=Search" for 127.0.0.1 at 2018-11-08 10:30:11 +0200
Processing by WelcomeController#index as JS
Parameters: {"utf8"=>"✓", "/tasks"=>{"q"=>"fdvdfvdfv"}, "commit"=>"Search"}
Rendering welcome/index.html.haml within layouts/application
Task Load (0.4ms) SELECT "tasks".* FROM "tasks" WHERE (title LIKE '%%')
And it is don't work, empty between '%%'.它不起作用,'%%' 之间是空的。 Maybe you can help me.
也许你可以帮助我。
You should use form_tag
not form_for
.您应该使用
form_tag
而不是form_for
。 form_for
is used to create a form for a model object, which isn't your case. form_for
用于为模型对象创建表单,这不是您的情况。
And to answer your question, when you look at the generated params
in the log, you have "/tasks"=>{"q"=>"fdvdfvdfv"}
.为了回答你的问题,当你查看日志中生成的
params
时,你有"/tasks"=>{"q"=>"fdvdfvdfv"}
。 so params[:q]
won't work in this case.所以
params[:q]
在这种情况下不起作用。
My final answer, go with form_tag
.我的最终答案是使用
form_tag
。
In Rails 5.1+ you should use form_with
which replaces both form_for
and form_tag
.在 Rails 5.1+ 中,您应该使用
form_with
替换form_for
和form_tag
。
= form_with(url: tasks_path(format: :js), method: :get) do |f|
= f.text_field :q, params[:q]
= f.submit_tag :Search
Make sure you parameterize the SQL query to avoid a SQL injection vulnerability:确保参数化 SQL 查询以避免 SQL 注入漏洞:
@tasks = Task.where("title LIKE ?", "%#{params[:q]}%")
Or you can create a virtual model, which is a model without a database table:或者你可以创建一个虚拟模型,它是一个没有数据库表的模型:
# app/models/seach_query.rb
class SearchQuery
include ActiveModel::Model
attr_accessor :q
end
= form_with(model: (@search_query || SearchQuery.new) url: tasks_path(format: :js), method: :get) do |f|
= f.text_field :q
= f.submit :Search
class TasksController < ApplicationController
# ...
def index
@tasks = Task.all
if params[:search_query]
@search_query = SearchQuery.new(params.fetch(:search_query).permit(:q))
@tasks = @tasks.where('tasks.title LIKE ?', "%#{ @search_query.q }%")
end
end
end
The advantage of a virtual model is that you can use validations, localize fields with the I18n module etc and organize your code.虚拟模型的优势在于您可以使用验证、使用 I18n 模块等本地化字段并组织您的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.