如何在 Rails 5 中使用 text_field 发送搜索查询(URL 参数)?
[英]How can I send a search query(URL params) using text_field in Rails 5?
问题描述
In Task controller (action index) I have this line:
在任务控制器(动作索引)中,我有这一行:
@tasks = Task.where("title LIKE '%#{params[:q]}%'")
In view I have form_tag like this:鉴于我有这样的 form_tag:
= form_tag tasks_path(format: :js), method: :get do |f|
= text_field_tag :q, params[:q]
= submit_tag :Search
And it is works fine, output in terminal:它工作正常,在终端输出:
Started GET "/tasks.js?utf8=%E2%9C%93&q=example&commit=Search" for 127.0.0.1 at 2018-11-08 10:28:37 +0200
Processing by TasksController#index as JS
Parameters: {"utf8"=>"✓", "q"=>"example", "commit"=>"Search"}
Rendering welcome/index.html.haml
Task Load (0.4ms) SELECT "tasks".* FROM "tasks" WHERE (title LIKE '%example%')
But I need to use form_for not form_tag.但我需要使用 form_for 而不是 form_tag。 My form_for form:我的 form_for 表格:
= form_for tasks_path, method: :get, remote: true do |f|
= f.text_field :q, value: params[:q]
= f.submit :Search
Terminal output:终端输出:
Started GET "/index?utf8=%E2%9C%93&%2Ftasks%5Bq%5D=fdvdfvdfv&commit=Search" for 127.0.0.1 at 2018-11-08 10:30:11 +0200
Processing by WelcomeController#index as JS
Parameters: {"utf8"=>"✓", "/tasks"=>{"q"=>"fdvdfvdfv"}, "commit"=>"Search"}
Rendering welcome/index.html.haml within layouts/application
Task Load (0.4ms) SELECT "tasks".* FROM "tasks" WHERE (title LIKE '%%')
And it is don't work, empty between '%%'.它不起作用,'%%' 之间是空的。 Maybe you can help me.也许你可以帮助我。
2 个解决方案
解决方案1
1 2018-11-08 08:54:13
You should use form_tag not form_for .您应该使用form_tag而不是form_for 。 form_for is used to create a form for a model object, which isn't your case. form_for用于为模型对象创建表单,这不是您的情况。
And to answer your question, when you look at the generated params in the log, you have "/tasks"=>{"q"=>"fdvdfvdfv"} .为了回答你的问题,当你查看日志中生成的params时,你有"/tasks"=>{"q"=>"fdvdfvdfv"} 。 so params[:q] won't work in this case.所以params[:q]在这种情况下不起作用。
My final answer, go with form_tag .我的最终答案是使用form_tag 。
解决方案2
0 2018-11-08 13:59:04
In Rails 5.1+ you should use form_with which replaces both form_for and form_tag .在 Rails 5.1+ 中,您应该使用form_with替换form_for和form_tag 。
Without a model没有模型
= form_with(url: tasks_path(format: :js), method: :get) do |f|
= f.text_field :q, params[:q]
= f.submit_tag :Search
Make sure you parameterize the SQL query to avoid a SQL injection vulnerability:确保参数化 SQL 查询以避免 SQL 注入漏洞:
@tasks = Task.where("title LIKE ?", "%#{params[:q]}%")
Virtual model虚拟模型
Or you can create a virtual model, which is a model without a database table:或者你可以创建一个虚拟模型,它是一个没有数据库表的模型:
# app/models/seach_query.rb
class SearchQuery
include ActiveModel::Model
attr_accessor :q
end
= form_with(model: (@search_query || SearchQuery.new) url: tasks_path(format: :js), method: :get) do |f|
= f.text_field :q
= f.submit :Search
class TasksController < ApplicationController
# ...
def index
@tasks = Task.all
if params[:search_query]
@search_query = SearchQuery.new(params.fetch(:search_query).permit(:q))
@tasks = @tasks.where('tasks.title LIKE ?', "%#{ @search_query.q }%")
end
end
end
The advantage of a virtual model is that you can use validations, localize fields with the I18n module etc and organize your code.虚拟模型的优势在于您可以使用验证、使用 I18n 模块等本地化字段并组织您的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.