Rails running sql queries with variables

Is it possible to run SQL queries with user-inputted variables in Rails?

I'm trying to search through a database for restaurants with certain characteristics they are looking for (i.e. cuisine, score, zipcode location). Here is my html.erb as a reference.

<form id="frm1" action="form_action.asp">
  Name: <input type="text" name="name" value="Antico Pizza"><br>
  Lower Score: <input type="number" name="LowerScore" value="0">
  Higher Score: <input type="number" name="HigherScore" value="100"><br>
  Zipcode: <input type="number" name="Zipcode" value="30332"><br>
  <label for="Cuisine">Cuisine: </label>
  <select name="Cuisine" id="Cuisine">
    <%# plain tag on the loop line so the return value of each is not printed %>
    <% @my_cuisines.each do |cuisine| %>
      <option value="<%= cuisine.cuisine %>" onclick="getCuisine()"><%= cuisine.cuisine %></option>
    <% end %>
  </select>
</form>

<button onclick="myFunction()">Search!</button>

<p id="demo"></p>
<script>
    function myFunction() {
        var x = document.getElementById("frm1");
    }
</script>

This creates all my options, and when I run var x = document.getElementById("frm1"); in JavaScript, I'm able to get the values the user inserted for their search.

In my model, I'm trying to create an SQL statement that will take the user's inputs and go through the database and collect them.

i.e.

sql = "select * from restaurant, inspection
                    where restaurant.rid = inspection.rid
                    and cuisine ='#{c}'
                    and totalscore > '#{l}'
                    and totalscore < '#{h}'
                    and zipcode = '#{z}'"

The '#{x}' is meant to be the user's variables (i.e. c = cuisine, l = lowerScore…). Is there any way of doing this in Rails?

Thank you


Source: ruby
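
The query from the question written with bind parameters, as an added example that is not part of the original post: the user's values travel separately from the SQL text instead of being interpolated into it. It is plain Ruby so it runs without Rails; handing the result to `find_by_sql` on a model named `Restaurant` is an assumption, and the sample inputs are constructed.

```ruby
# Added example (not from the original post). Plain Ruby, no Rails required.
# In a Rails model the returned array can be passed to find_by_sql, e.g.
#   Restaurant.find_by_sql(restaurant_search_query(params))  # model name assumed

SEARCH_SQL = <<~SQL.freeze
  SELECT * FROM restaurant, inspection
  WHERE restaurant.rid = inspection.rid
    AND cuisine = ?
    AND totalscore > ?
    AND totalscore < ?
    AND zipcode = ?
SQL

# The question's approach, kept for contrast: input becomes part of the SQL text,
# so a value containing a quote changes the structure of the statement.
def interpolated_sql(c, l, h, z)
  "select * from restaurant, inspection " \
  "where restaurant.rid = inspection.rid " \
  "and cuisine ='#{c}' and totalscore > '#{l}' " \
  "and totalscore < '#{h}' and zipcode = '#{z}'"
end

# fields: hash of the form's values as strings, keyed by the form's input names.
# Returns [sql, *binds]; raises ArgumentError when a numeric field is malformed.
def restaurant_search_query(fields)
  cuisine = fields.fetch("Cuisine").to_s
  lower   = Integer(fields.fetch("LowerScore"), 10)   # rejects "100abc", "1e2", ""
  higher  = Integer(fields.fetch("HigherScore"), 10)
  zipcode = fields.fetch("Zipcode").to_s
  raise ArgumentError, "zipcode must be 5 digits" unless zipcode.match?(/\A\d{5}\z/)
  raise ArgumentError, "score range is empty" unless lower < higher

  # Zipcode stays a string so a leading zero is preserved.
  [SEARCH_SQL, cuisine, lower, higher, zipcode]
end

# Constructed sample input: a normal search and one whose cuisine contains a quote.
NORMAL = { "Cuisine" => "Pizza", "LowerScore" => "0",
           "HigherScore" => "100", "Zipcode" => "30332" }.freeze
QUOTED = NORMAL.merge("Cuisine" => "Chef's Special").freeze

if __FILE__ == $PROGRAM_NAME
  puts interpolated_sql(QUOTED["Cuisine"], 0, 100, "30332")  # unbalanced quote in the SQL
  p restaurant_search_query(QUOTED)                          # SQL text unchanged, value in binds
end
```

The equivalent with the query interface is `where("cuisine = ? AND totalscore > ?", c, l)`, which binds values the same way.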
