stackoom
  简体   繁体   中英

Rails model query with many optional params

 原文  2015-11-05 21:36:27       ruby-on-rails/ activerecord

Question

A user wants to search by an attribute and/or order the results. Here are some example requests 

/posts?order=DESC&title=cooking
/posts?order=ASC
/posts?title=cooking

How can I conditionally chain such options to form a query?

So far I have a very ugly method that will quickly become difficult to maintain. 

  def index
    common = Hash.new
    common["user_id"] = current_user.id

    if params[:order] && params[:title]

      @vacancies = Post.where(common)
                          .where("LOWER(title) LIKE ?", params[:title])
                          .order("title #{params[:order]}")

    elsif params[:order] && !params[:title]

      @vacancies = Post.where(common)
                          .order("title #{params[:order]}")

    elsif params[:title] && !params[:order]

      @vacancies = Post.where(common)
                          .where("LOWER(title) LIKE ?", params[:title])
    end
  end

1 answers

solution1
 1 ACCPTED  2015-11-05 21:45:08

Remember that query methods like where and order are meant to be chained. What you want to do is start with a base query (like Post.where(common) , which you use in all cases) and then conditionally chain other methods: 

def index
  common = Hash.new
  common["user_id"] = current_user.id

  @vacancies = Post.where(common)

  if params[:order]
    @vacancies = @vacancies.order(title: params[:order].to_sym)
  end

  if params[:title]
    @vacancies = @vacancies.where("LOWER(title) LIKE ?", params[:title])
  end
end

PS Your original code had .order("title #{params[:order]}") . This is very dangerous, since it opens you up to SQL injection attacks. As a rule of thumb never use string concatenation ( #{...} ) with a value you get from the end user when you're going to pass the result to the database. Accordingly, I've changed it to .order(title: params[:order]) . Rails will use this hash to construct a secure query so you don't have to worry about injection attacks.

You can read more about SQL injection attacks in Rails in the official Ruby on Rails Security Guide .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Optional Rails Params in Controller Query Rails: combining optional params into a query Rails Active Record query with multiple optional params Rails Refactoring Controller and Model with too many params Routes with optional params in Rails Rails 4 routing with optional params? Rails - how to make query parameters optional in Model? rails many to many model query problem Rails route helpers - one model to fill many params Rails 5: if many params
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM