I don't even know how to explain the weirdness of this one except to
show the query it's making when it displays the error:
http://www.customlasercutting.com/site/info/materials
Scroll down to the yellow "Materials search too" box and try selecting,
say... black AND black top white core (under colors). Normally the query
uses IN, not LIKE, but so I could see the query, I made it like that.
Notice how it puts %2520 for spaces (or %252F for /)? It messes up the
query, obviously. How would I tell it to output a " " instead of %2520?
Also, it only does it when multiple items are selected. If you select
JUST one item with spaces, it works.
Ruby code: http://pastie.caboo.se/69978
Select boxes: http://pastie.caboo.se/69979
Any help with this would be greatly appreciated! Thanks in advance.
--
Posted via http://www.ruby-forum.com/.
Brandon Robison wrote:
> I don't even know how to explain the weirdness of this one except to
> show the query it's making when it displays the error
> Pololu - Custom Laser Cutting Service
> Scroll down to the yellow "Materials search too" box and try selecting,
> say... black AND black top white core (under colors). Normally the query
> uses IN, not LIKE, but so I could see the query, I made it like that.
> Notice how it puts %2520 for spaces (or %252F for /)? It messes up the
> query, obviously. How would I tell it to output a " " instead of %2520?
> Also, it only does it when multiple items are selected. If you select
> JUST one item with spaces, it works
> Ruby code: http://pastie.caboo.se/69978
> Select boxes: http://pastie.caboo.se/69979
> Any help with this would be greatly appreciated! Thanks in advance.
(Sorry--this may be a double send.)
Brandon,
I notice that when a space is converted to URL characters, it becomes
%20. When a percent sign is converted, it becomes %25. So you get %2520
when you attempt to convert " " twice: " " -> "%20" -> "%2520"
The same is true of the conversion for "/".
I don't see where these conversions are taking place, but knowing what's
wrong may be enough for you to find it. However, I think something else
is wrong with your queries, because selecting two items never seems to
work, regardless of whether they contain spaces.
Dan
On the security side of things, you might want to code some input validation
routines. I can't see all of your code or the back parts of it, but it
appears that you might be leaving yourself open to SQL injection attacks.
- Nathan
On 6/12/07, Brandon Robison <robison.brandon@gmail.com> wrote:
> I don't even know how to explain the weirdness of this one except to
> show the query it's making when it displays the error
> Pololu - Custom Laser Cutting Service
> Scroll down to the yellow "Materials search too" box and try selecting,
> say... black AND black top white core (under colors). Normally the query
> uses IN, not LIKE, but so I could see the query, I made it like that.
> Notice how it puts %2520 for spaces (or %252F for /)? It messes up the
> query, obviously. How would I tell it to output a " " instead of %2520?
> Also, it only does it when multiple items are selected. If you select
> JUST one item with spaces, it works
> Ruby code: http://pastie.caboo.se/69978
> Select boxes: http://pastie.caboo.se/69979
> Any help with this would be greatly appreciated! Thanks in advance.
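
An added example, not code from the thread (the pastie code is not shown on this page): it reproduces the `" " -> "%20" -> "%2520"` chain Dan describes, flags a parameter that was encoded twice, and builds the IN clause with placeholders after an allow-list check, as Nathan's note suggests. The `color` column, the `KNOWN_COLORS` list and all function names are assumptions for illustration.

```ruby
require 'erb'

# Constructed sample: option values like the ones named in the thread.
KNOWN_COLORS = ['black', 'black top white core', 'clear/frosted'].freeze

# Percent-encode the way a URL helper would (space -> %20, "/" -> %2F).
def encode(value)
  ERB::Util.url_encode(value)
end

# Undo exactly one layer of percent-encoding, as the web framework does
# when it parses the query string.
def decode_once(value)
  value.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# A parameter that still holds a percent-escape after that single decode
# was encoded twice somewhere upstream. Fix the extra encode at its source
# rather than decoding again in the query code.
def double_encoded?(param)
  param.match?(/%[0-9A-Fa-f]{2}/)
end

# Validate every selected value against the allow-list, then build an IN
# clause with one placeholder per value. The values are returned separately
# so the database driver binds them; nothing is interpolated into the SQL.
def color_conditions(params)
  bad = params.reject { |p| KNOWN_COLORS.include?(p) }
  raise ArgumentError, "unknown color(s): #{bad.inspect}" unless bad.empty?

  placeholders = (['?'] * params.size).join(', ')
  ["color IN (#{placeholders})", *params]
end

if __FILE__ == $PROGRAM_NAME
  once  = encode('black top white core')
  twice = encode(once)
  puts once, twice
  puts double_encoded?(decode_once(twice))
  p color_conditions(['black', 'black top white core'])
end
```

The allow-list check rejects a leftover `black%20top%20white%20core` outright, so a double-encoding bug surfaces as a validation error instead of a malformed query.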