On a particular page in my website, there are a variety of potential URL parameters:
http://www.example.com/my_webpage?at=2014-01-01&page=5
Now I want a simple way to add a parameter to that like this:
http://www.example.com/my_webpage?at=2014-01-01&page=5&records=100
So I tried the following HTML with embedded Ruby:
<form action="<%= request.original_url %>" method="get"># of records <input type="text" name="records"/></form>
The problem is the resulting page that opens is:
http://www.example.com/my_webpage?records=100
Essentially, the old parameters get wiped away. What's an easy way to retain them? I could loop through the params hash and add hidden_tags (I'd have to selectively exclude params not part of the request params), but I would expect with such a common use case scenario there's a better easier way.
While there isn't an easy Rails way of doing this automatically, Rails does provide access to the request parameters through the request.query_parameters hash. So I simply needed to add this in the form:
<% request.query_parameters.each do |key, val|%>
<input type="hidden" name="<%= key %>" value="<%= val %>"/>
<% end %>
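An added example (not part of the original answer) of the same idea in plain Ruby, outside Rails: it turns a raw query string into hidden fields, keeps only an allowlist of expected parameter names, and HTML-escapes names and values explicitly because no ERB auto-escaping applies here. The allowlist, the `NEVER_ECHO` list, the function name and the sample query string are assumptions constructed for illustration.

```ruby
require "cgi"
require "uri"

# Fields that must never be copied from the URL into the form
# (assumed list for this sketch).
NEVER_ECHO = %w[authenticity_token utf8 _method].freeze

# Build hidden <input> tags that carry an existing query string through a
# GET form. `allowed` lists the top-level parameter names the page expects;
# anything else in the URL is dropped instead of being reflected.
def hidden_fields_for(query_string, allowed:)
  URI.decode_www_form(query_string.to_s).each_with_object([]) do |(name, value), out|
    base = name[/\A[^\[]+/] # "calc[][tf]" -> "calc"
    next unless base && allowed.include?(base) && !NEVER_ECHO.include?(base)

    # Escape both sides: a name or value may contain quotes or angle brackets.
    out << %(<input type="hidden" name="#{CGI.escapeHTML(name)}" ) +
           %(value="#{CGI.escapeHTML(value)}"/>)
  end
end

# Constructed sample: two expected parameters, the form's own field, an
# unexpected parameter, and a value that tries to break out of the attribute.
SAMPLE_QUERY = "at=2014-01-01&page=5&records=20&debug=1&at=%22%3E%3Cb%3E"

puts hidden_fields_for(SAMPLE_QUERY, allowed: %w[at page])
```

Working on name/value pairs keeps bracketed names such as `calc[][tf]` intact, so nested parameters survive the round trip.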
I'm taking courses on Rails 5.x.x, and when they use a form they add a line for token authentication to protect their site at the start of the form, like this:
<input type="hidden" name="authenticity_token" value="<%= form_authenticity_token %>">
But to be on the latest version of Rails, I'm on version 6.1.3, and I don't see anything on the web about that.
So the question is: do I still need to set this authenticity token anywhere? If yes, where? And if no, why? If you have some links about that for Rails 6, I won't say no. Thank you.
No, you don't need to add it manually, Rails does it for you in each form.
<%= form_with do |form| %>
Form contents
<% end %>
generates
<form accept-charset="UTF-8" action="/" method="post">
<input name="authenticity_token" type="hidden" value="J7CBxfHalt49OSHp27hblqK20c9PgwJ108nDHX/8Cts=" />
Form contents
</form>
You'll notice that the HTML contains an input element with type
hidden. This input is important, because non-GET forms cannot be
successfully submitted without it. The hidden input element with the
name authenticity_token is a security feature of Rails called
cross-site request forgery protection, and form helpers generate it
for every non-GET form (provided that this security feature is
enabled). You can read more about this in the Securing Rails
Applications guide.
https://guides.rubyonrails.org/form_helpers.html
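What the server does with that hidden field, as an added example that is not from the original answer and is a simplified model, not Rails source: a per-session secret is masked with a fresh random pad on every render, and any non-GET request must return a value that unmasks to the session's secret. All names here are hypothetical.

```ruby
require "securerandom"

TOKEN_BYTES = 32

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Value for the hidden field: Base64(pad || (pad XOR session token)).
# It differs on every render, yet always unmasks to the same secret.
def masked_token(session_token)
  pad = SecureRandom.random_bytes(TOKEN_BYTES)
  [pad + xor_bytes(pad, session_token)].pack("m0")
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# GET and HEAD are exempt; every other verb needs a token that matches
# the secret stored in the caller's session.
def request_allowed?(http_method, session_token, submitted)
  return true if %w[GET HEAD].include?(http_method.to_s.upcase)

  blob = submitted.to_s.unpack1("m0") # strict Base64, raises on junk
  return false unless blob.bytesize == 2 * TOKEN_BYTES

  pad = blob.byteslice(0, TOKEN_BYTES)
  masked = blob.byteslice(TOKEN_BYTES, TOKEN_BYTES)
  secure_equal?(xor_bytes(pad, masked), session_token)
rescue ArgumentError
  false
end

session_token = SecureRandom.random_bytes(TOKEN_BYTES) # kept server-side
field_value = masked_token(session_token)              # rendered in the form
puts request_allowed?("POST", session_token, field_value)
```

A form posted from another site cannot read the victim's rendered field value, so its request fails the check even though the browser attaches the session cookie.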
How do I use some inputted text in a html form to query a SQLite database?
Forgive me, I am very new to Ruby on Rails (couple of days).
I am getting a user to enter a number followed by enter, I then want to query my SQLite db and return results to a variable. I am working in a Ruby on Rails project. Here is the code in my home.html.erb file.
<form name="myform" action="" method="get">
<input type="text" name="CardNumber" onkeypress="if(event.keyCode==13) {javascript:form.submit();}">
<input type="submit" onClick="javascript:form.submit();"/>
<br>
</form>
<br>
<br>
<script type="text/javascript" language="JavaScript">
document.forms['myform'].elements['CardNumber'].focus();
</script>
First I think you'll want to do a post instead of a get. Then you need to point action to the correct route.
Usually in rails you'll have a model object instantiated on the action that renders the view with the form. Like if it's a form for creating a new User, on the controller#new action you'll have something like:
def new
@user = User.new
end
then on the view you'll have <%= form_for(@user) ... %>
Since you instantiated @user, form_for will be able to render correctly the path and action when you give it that object as a parameter. It won't be able to figure out if it's a multipart or whatever else, but the basis of routing it will.
But you don't need it obviously. Going back to your sample.
Imagine you have a route
post "save_payment_info", to: "payments#save_cc", as: :cc_save
Then a controller:
payments_controller.rb
def save_cc
cc_number_from_form = params[:CardNumber]
end
So you'll be able to access your form fields (as long as they're named correctly) on the params hash inside the controller.
You can do the same with Ajax and return a JSON response, etc.
I have what should be a relatively simple form in Rails that I'm using to send an email for two different previews, a desktop preview and a mobile preview.
<form id="email-form" role="form" action="<%= action_name == 'desktop_preview' ? email_preview_newsletter_path(@newsletter) : email_preview_newsletter_path(@newsletter, mobile: 'true') %>">
<label for="email_address">Email</label>
<input type="email" id="email_address" name="email_address" value="<%= params[:email_address] %>" placeholder="PLEASE ENTER EMAIL">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<input type="submit" value="Send" class="btn btn-primary"></input>
</form>
Right now I have it setup so that both previews get sent to the same endpoint, '/email_preview', but in the case of the mobile_preview I want to pass in a 'mobile' query string so that it ends up looking like this:
'/email_preview?mobile=true'
When I inspect the form on the page everything looks in order, however when it gets passed to the controller the 'mobile' part of the query string disappears and only the 'email_address' exists.
I suppose I could pass in the mobile value as a hidden field, but something about that just doesn't feel right to me. What is the best way to setup this form so that both the 'mobile' and 'email_address' key value pairs are passed as query strings when sent to the controller?
In the process of writing out this question I realized exactly what the problem was:
I had the form setup as a GET request as opposed to a POST request.
This was causing any pre-established query strings to get erased in the process of setting up the GET params being defined in the form (in this case, the 'email_address' param). Changing the form from GET to POST (i.e. form method="POST") took care of this issue. Please note that if you are going to manually set up a form like this in Rails then you also need to explicitly take care of the CSRF token. This can be done by inserting the following input with the helper method into your form:
<input type="hidden" name="authenticity_token" value="<%= form_authenticity_token %>">
Here are my examples that produce the same result:
# `enterprise_registration` is an already created/saved object
form_for enterprise_registration, method: :put do |format|; format; end
form_for enterprise_registration, url: logo_url, method: :put do |format|; format; end
form_for enterprise_registration, url: logo_url, html: {method: :put} do |format|; format; end
This returns the form with the method attribute set to POST.
Why is that happening, do you think? And how can I make it a :put request?
Update
I now understand that Rails forms embed a hidden _method and set it to put, but my form is still getting delivered as a POST that is preventing my form from finding my matching PUT URL.
The form tag allows only the GET or POST method. See also here for more explanation. Rails, however, has its own method to handle GET/POST/PUT/PATCH requests. If you examine any of your forms defined with either form_for or form_tag in Rails, you will notice that the first element of the form is a hidden <div> which contains two hidden fields:
<div style="display:none">
<input name="utf8" type="hidden" value="✓"><input name="_method" type="hidden" value="patch">
<input name="authenticity_token" type="hidden" value="9i5eRhwhx4NhvSxqIJm6cv9x6NSlY82hpNpfrpk/I0c=">
</div>
First field called _method contains the form action which is the request type for controller.
Web browsers are actually only programmed to receive POST and GET requests (I'm not sure why). The way Rails mimics full REST (which includes put and delete) is to include those in hidden fields. So technically it's sending a POST, but with the PUT attached sort of awkwardly in that hidden field.
I'm assuming that Rails is still doing that sort of conversion behind the scenes still.
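How a POST carrying a hidden `_method` field ends up matching a PUT route, as an added example that is not from the original answers and is a simplified model rather than Rails or Rack source. The route table, the allowlist of verbs and the function names are hypothetical.

```ruby
# Verbs a form may request through the hidden "_method" field
# (assumed allowlist for this sketch).
OVERRIDABLE = %w[PUT PATCH DELETE].freeze

# Hypothetical route table: [verb, path] => "controller#action".
ROUTES = {
  ["POST", "/logo"] => "logos#create",
  ["PUT",  "/logo"] => "logos#update"
}.freeze

# Return the verb the router should match, given the verb on the wire and
# the parsed form fields. Only a real POST may be rewritten: a GET carrying
# ?_method=delete stays a GET, so a plain link or image URL cannot reach a
# state-changing route. Unknown verbs fall back to POST.
def effective_method(wire_method, form_params)
  wire = wire_method.to_s.upcase
  return wire unless wire == "POST"

  requested = form_params["_method"].to_s.upcase
  OVERRIDABLE.include?(requested) ? requested : "POST"
end

# Look up the route using the resolved verb, not the verb on the wire.
def dispatch(wire_method, path, form_params)
  ROUTES[[effective_method(wire_method, form_params), path]]
end

# The browser sends POST; the hidden field selects the PUT route.
puts dispatch("POST", "/logo", { "_method" => "put" })
```

The browser's developer tools and the form's `method` attribute will still show POST; the rewrite happens on the server before routing.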
I've been troubleshooting this error for 12 hours now, and I think I have this narrowed down to this.
If I supply a post method, whether it's a JSON object or a string, IE will allow anything up to ~3926 characters. Nothing else, no matter what shape or size it's in. This is so long as it's being passed like so:
<form method="post" action="/generate_csv.csv?calc[][amount_paid]=0.0&calc[][date_awarded]=02%2F02%2F1981&calc[][date_paid]=12%2F31%2F1981&calc[][interest_rate]=12.0&calc[][principal]=1955.96&calc[][tf]=0.912328767123288&calc[][total_interest]=214.14&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1982&calc[][date_paid]=12%2F31%2F1982&calc[][interest_rate]=12.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=234.72&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1983&calc[][date_paid]=12%2F31%2F1983&calc[][interest_rate]=12.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=234.72&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1984&calc[][date_paid]=12%2F31%2F1984&calc[][interest_rate]=12.0&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=235.36&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1985&calc[][date_paid]=12%2F31%2F1985&calc[][interest_rate]=12.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=234.72&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1986&calc[][date_paid]=12%2F31%2F1986&calc[][interest_rate]=9.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=185.82&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1987&calc[][date_paid]=12%2F31%2F1987&calc[][interest_rate]=7.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=146.7&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1988&calc[][date_paid]=12%2F31%2F1988&calc[][interest_rate]=6.0&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=117.68&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1989&calc[][date_paid]=12%2F31%2F1989&calc[][interest_rate]=7.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=136.92&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1990&calc[][date_paid]=12%2F31%2F1990&calc[][interest_rate]=8.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=156.48&calc[][amount_paid]=0.0&calc[]
[date_awarded]=1%2F1%2F1991&calc[][date_paid]=12%2F31%2F1991&calc[][interest_rate]=8.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=166.26&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1992&calc[][date_paid]=12%2F31%2F1992&calc[][interest_rate]=7.5&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=147.1&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1993&calc[][date_paid]=12%2F31%2F1993&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=107.58&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1994&calc[][date_paid]=12%2F31%2F1994&calc[][interest_rate]=3.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=68.46&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1995&calc[][date_paid]=12%2F31%2F1995&calc[][interest_rate]=3.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=68.46&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1996&calc[][date_paid]=12%2F31%2F1996&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=107.87&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1997&calc[][date_paid]=12%2F31%2F1997&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=107.58&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1998&calc[][date_paid]=12%2F31%2F1998&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=107.58&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F1999&calc[][date_paid]=12%2F31%2F1999&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=107.58&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2000&calc[][date_paid]=12%2F31%2F2000&calc[][interest_rate]=5.0&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=98.07&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2001&calc[][date_paid]=12%2F31%2F2001&calc[][interest_rate]=5.5&c
alc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=107.58&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2002&calc[][date_paid]=12%2F31%2F2002&calc[][interest_rate]=6.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=117.36&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2003&calc[][date_paid]=12%2F31%2F2003&calc[][interest_rate]=3.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=58.68&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2004&calc[][date_paid]=12%2F31%2F2004&calc[][interest_rate]=2.0&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=39.23&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2005&calc[][date_paid]=12%2F31%2F2005&calc[][interest_rate]=1.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=19.56&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2006&calc[][date_paid]=12%2F31%2F2006&calc[][interest_rate]=2.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=39.12&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2007&calc[][date_paid]=12%2F31%2F2007&calc[][interest_rate]=4.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=78.24&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2008&calc[][date_paid]=12%2F31%2F2008&calc[][interest_rate]=5.5&calc[][principal]=1955.96&calc[][tf]=1.0027397260274&calc[][total_interest]=107.87&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2009&calc[][date_paid]=12%2F31%2F2009&calc[][interest_rate]=4.0&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=78.24&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2010&calc[][date_paid]=12%2F31%2F2010&calc[][interest_rate]=1.5&calc[][principal]=1955.96&calc[][tf]=1.0&calc[][total_interest]=29.34&calc[][amount_paid]=0.0&calc[][date_awarded]=1%2F1%2F2011&calc[][date_paid]=02%2F09%2F2011&calc[][interest_rate]=0.5&calc[][principal]=1955.96&calc[][tf]=0.10958904109589&calc[][total_interest]=1.07" 
accept-charset="UTF-8"><div style="margin: 0pt; padding: 0pt; display: inline;"><input type="hidden" value="✓" name="utf8"><input type="hidden" value="dbxrVZT2J42AB0QdMFi2XPggVGAQKtm8IkcuIj+U2jU=" name="authenticity_token"></div>
In all other browsers, this passes with no problem at all. But IE will not tolerate this past a certain point.
Does anyone know how I can pass the same amount of data in a small and condensed way or even in an alternative means?
An alternative, I was thinking, could be passing an alias of the object so that the object itself is passed between controllers, but not through the views. This being done without ever saving the object to the database. Just thinking out loud here.
Open to any ideas. :D
My Haml:
= form_tag generate_csv_path(:calc => @calc.results, :total_interest => @calc.total_interest, :per_diem => @calc.per_diem, :docket_num => @calc.docket_num, :our_file_num => @calc.our_file_num) do
  = submit_tag 'Print CSV', :id => "print_csv"
UPDATE
So I'm looping through all the items trying to break them up into smaller hidden fields and they're all coming out as hashes
- @calc.results.each do |k, v|
  = hidden_field :calc_result, "#{k[:total_interest]}"
Produces:
"117.68"=>"",
"166.26"=>"",
"147.1"=>"",
"107.58"=>"",
"58.68"=>"",
So unbelievably strange... I thought I might be able to create a value as a hash eventually. So that 1 calc_result could have 5 different attributes in it.
Post the data as <form> body, not as part of the URL.
URLs have a length limit. Data POSTed as form body have no limit as such, since they are part of the header (not URL)
http://support.microsoft.com/kb/208427
UPDATE (in response to your comment)
Data as part of form body...
<form method="post" action="/generate_csv.csv">
<input type="hidden" name="calc[][amount_paid]" value="0.0"/>
<!-- ... other fields here -->
</form>