Html parameters in ruby

I want to allow the user to 'filter' his query on a DB.

So, I allow them to select checked boxes for the infor they want. I
then format a string and pass it to a function. My function looks like
this:

<script>
function refreshScrollList(strQuery)
{

alert("Sample_test1.rhtml");

alert("HERE IS THE QUERY STRING " + strQuery); <--everything
looks right here

<%
require "dbi"
require 'cgi'
cgi = CGI.new

# Require the CGI library

# prepare trap for form variables
# there is an artifact space sent from an empty form field so to
verify the field values have to be
# Stripped of whitespace and carriage returns (strip) so (empty) will
work properly.
username = cgi['username'].strip
profession = cgi['profession'].strip

dbh =
DBI.connect("dbi:Pg:dbname=products;host=blank;port=blank","blank","bla
nk")
# get server version string and display it
row = dbh.select_one("SELECT VERSION()")
#puts "Server version" " + row[0]);

#newsth = dbh.execute(strQuery); <-----This is the line I
want to use.

the next line is the hard coded value that I have working right now

newsth = dbh.execute("SELECT id, condition FROM products WHERE

'1990' LIMIT 100;")

rows = newsth.fetch_all
%>

Array_Header = <%=newsth.column_names.inspect%>;
Array_Body = <%=rows.inspect%>;

refreshList();

}
</script>

This is probably a simple task. Thanks in advance!