(1) form_for：form_for 用于根据模型对象生成表单。
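<%# Form bound to @user; form_for derives the action, HTTP verb and submit label from the record. %>
<%= form_for(@user) do |f| %>
<%# Validation errors from the previous submission, if any. %>
<% if @user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% @user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :username %><br />
<%= f.text_field :username %>
</div>
<div class="field">
<%= f.label :password %><br />
<%# password_field renders type="password", so the browser masks the value; text_field would show the password in the clear. %>
<%= f.password_field :password %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.text_area :email %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>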
比如 f.text_field :name 会告诉 Rails 生成一个文本输入框，并把它对应到模型的 name 属性。（实际上生成的是 <input type='text' name='post[name]' />）
实际上 form_for 方法知道记录是 new 还是 edit，然后为提交按钮设置相应的 value（比如这里 new 时是 Create Post，edit 时是 Update Post）。
(2) @posts.each：遍历模型对象集合，为每条记录生成一行数据。
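<%# One table row per post, each with show/edit/destroy links for that record. %>
<% @posts.each do |post| %>
<tr>
<td><%= post.name %></td>
<td><%= post.title %></td>
<td><%= post.content %></td>
<td><%= link_to 'Show', post %></td>
<td><%= link_to 'Edit', edit_post_path(post) %></td>
<%# :confirm and :method => :delete are carried out by Rails' JavaScript helper; without that JavaScript the link is a plain GET. Keep the option list on one line: a line break before "=>" ends the argument list and breaks the template. %>
<td><%= link_to 'Destroy', post, :confirm => 'Are you sure?', :method => :delete %></td>
</tr>
<% end %>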
1、错误用法（直接拼接字符串，存在 SQL 注入风险）：
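# 1. Insecure: the request value is interpolated straight into the SQL string,
#    so a crafted params[:name] changes the query (SQL injection). Kept here only
#    as the anti-pattern; use the placeholder forms in 2/3 instead.
#    (Fixed the :add typo and the missing closing parenthesis.)
name = params[:name]
pos = Order.find(:all, :conditions => "name = '#{name}' and pay_type ='po'")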
2、["?", XXX] 位置占位符：
# 2. Positional placeholder: "?" is replaced by the quoted value of name, so the
#    request value is bound as data rather than spliced into the SQL text.
name = params[:name]
conditions = ["name = ? and pay_type ='po'", name]
pos = Order.find(:all, :conditions => conditions)
3、[":XXX", {:XXX => XXX}] 命名占位符：
# 3. Named placeholders: each :key in the SQL is replaced by the quoted value
#    stored under that key in the hash; the order of the hash keys does not matter.
name = params[:name]
pay_type = params[:pay_type]
sql = "name = :name and pay_type = :pay_type"
bindings = {:pay_type => pay_type, :name => name}
pos = Order.find(:all, :conditions => [sql, bindings])
4、直接传入表单hash:
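# 4. Bind the submitted form hash directly: params[:order] must supply :name and
#    :pay_type (a missing key raises); keys not referenced in the SQL are ignored,
#    and the substituted values are quoted. (Fixed the :add typo.)
pos = Order.find(:all, :conditions => ["name = :name and pay_type = :pay_type", params[:order]])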
5、省略占位符，直接把表单 hash 作为查询条件：
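# 5. Hash conditions: every key/value pair in params[:order] becomes a quoted
#    "column = value" term. The values are escaped, but the *keys* name the columns
#    to filter on, so passing the raw request hash lets the client choose which
#    columns take part in the query; restrict it to the expected keys first
#    (e.g. with Hash#slice). (Fixed the :add typo.)
pos = Order.find(:all, :conditions => params[:order])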
6、like的使用:
# 6. LIKE with a bound prefix: the placeholder quotes the value, but "%" and "_"
#    inside params[:name] still act as LIKE wildcards, and a nil params[:name]
#    raises NoMethodError on the "+".
prefix = params[:name] + "%"
User.find(:all, :conditions => ["name like ? ", prefix])
7、只返回一条:
# 7. First matching record only; [...] stands for a placeholder array as in 2/3.
User.find(:first, :conditions => [...])
8、分页查询:
# 8. Class-level paging finder; only the signature is given here, the body is not shown.
def Order.find_on_page(page_num,page_size)
9、joins:
# 9. :joins appends raw SQL after the line_items table: "li" aliases line_items and
#    "pr" aliases products, so the :conditions string can reference pr.title.
join_sql = "as li inner join products as pr on li.product_id = pr.id"
LineItem.find(:all, :conditions => "pr.title = 'Programming Ruby'", :joins => join_sql)
10、指定查询字段（结果中没有主键时无法保存）：
# 10. Restrict the selected columns. Records loaded this way carry no id (primary
#     key), so they cannot be saved back.
columns = " title, speaker, recorded_on"
list = Talks.find(:all, :select => columns)
11、find_by_sql:
# 11. Raw SQL with a bound parameter; the "?" is replaced by the quoted amount.
query = ["select * from orders where amount > ? ", params[:amount]]
Order.find_by_sql(query)
12、count:
# 12. Count the rows matching a bound condition.
result = Order.count(["amount > ?", minimum_purchase])
13、多表查询
- table A
- id Integer
- name String
- table B
- id Integer
- age Integer
- a_id Integer
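# Raw SQL across two tables: the rows come back as A instances whose attributes
# include the selected column from B (age) as well as A's own name.
@as = A.find_by_sql("select a.name,b.age from A a,B b where a.id = b.a_id")
puts @as.class # Array
puts @as[0].class # A
puts @as[0].inspect # #<A name:"test">
puts "name:#{@as[0].name}" # name:test
# Interpolate rather than String#<<: "age:" << 11 appends the character with
# codepoint 11, not the digits, whenever age comes back as an Integer.
puts "age:#{@as[0].age}" # age:11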