glasses 1.6.2 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 81b4a3f6ecf453f6dea81f38a47b4a8ff565b4f9
-  data.tar.gz: dfdab14e69ad85470a713471e87d98fc3b101227
+  metadata.gz: 13db292133e47a1ff62d1b2883a0ded68a386683
+  data.tar.gz: a9f1733f0750ae3271ee4b25d338f319f0631fdf
 SHA512:
-  metadata.gz: 3046f685eb761093d9036f63164056055c67e73321e5ca8bbf641aa4967e4a2b98762b77ec40b5e0381f7077ec5131b60aa81e70b011b8e96465deaac19f619f
-  data.tar.gz: 7574e7d304d52100dd82f64ed60c06e5a1f30aef29c47f450880dd80a45e059c5741719f352fe2c9e48c6c85edd7011f9e0b8a45b55b1fdb5c0831bcca506631
+  metadata.gz: 01dfee05abdcdba4886d9e7e040355a6c39237f2312026bcf2e4ed7ebb6ab6c90a88c272f7e482733fb8637abcf1e80dba8fd761388213e11db361e24ca41e81
+  data.tar.gz: 29577cb0555a7efa09c548cd613713cedecf4a1d6e4eb19377b649d2eb6a5bda33744c7b63cdb25ccb1445ef62b1d6dbd55c0cce8fef1805b363a8e0e1d75dc7

data/lib/glasses.rb

@@ -2,11 +2,212 @@ require "glasses/version"
 
 module Glasses
 
+  def self.prioritize_ints_over_strings(columns_to_search, values_to_search)
+    # Order params, prioritize ids and bools over over strings to boost performance at database hits.
+    for i in (0..columns_to_search.size-1) do
+      if columns_to_search[i][columns_to_search[i].size-3] == "E" #if it's a "like" statement
+        columns_to_search.insert(0, columns_to_search.delete_at(i))
+        values_to_search.insert(0, values_to_search.delete_at(i))
+      end
+    end
+    return [columns_to_search, values_to_search]
+  end
+
+  def self.prioritize_ints_over_strings_and_ranges(columns_to_search, values_to_search)
+    # Order params, prioritize ids and bools over ranges and both of these over strings to boost performance at database hits.
+    string_shifts = 0
+    total_columns = columns_to_search.size - 1
+    for i in (0..total_columns) do
+      if columns_to_search[i][columns_to_search[i].size-3] == "E" #if it's a "like" statement
+        columns_to_search.insert(0, columns_to_search.delete_at(i))
+        values_to_search.insert(0, values_to_search.delete_at(i))
+        string_shifts += 1
+      end
+    end
+    if string_shifts < total_columns # string_shifts will begin at the 'last index which contains a string' + 1
+      for i in (string_shifts..columns_to_search.size-1) do
+        if columns_to_search[i][columns_to_search[i].size-4] != " " #if it's empty at this index, value is a range; 
+          columns_to_search.insert(string_shifts, columns_to_search.delete_at(i))
+          values_to_search.insert(string_shifts, values_to_search.delete_at(i))
+        end
+      end
+    end
+    return [columns_to_search, values_to_search]
+  end
+
   def self.search(model_to_search,params_hash)
-    query = ""
+    query = []
+    query_params = []
+    params_hash.each do |key,val|
+      if !val.empty?
+        #key = key.to_s
+        key_suffix = key[key.size-3,key.size]
+        if key_suffix == "ool"
+          if val == "1"
+            query.push("#{key[0,key.size-5]} = ?") # excludes 'bool'
+            query_params.push(true)
+          #else
+          #  query.push("#{key[0,key.size-5]} = ?") # excludes 'bool'
+          #  query_params.push(false)
+          end
+        elsif key_suffix == "min"
+          query.push("#{key[0,key.size-4]} >= ?") # excludes 'min'
+          query_params.push(val.to_s)
+        elsif key_suffix == "max"
+          query.push("#{key[0,key.size-4]} <= ?") # excludes 'max'
+          query_params.push(val.to_s)
+        elsif key_suffix == "_id"
+          query.push("#{key} = ?")
+          query_params.push(val.to_s)
+        else
+          query.push("#{key} LIKE ?") # percent sign matches any string of 0 or more chars.
+          query_params.push(val + "%")
+        end
+      end
+    end
+    if !query.empty?
+      if query.size == 1
+        return model_to_search.where(query.pop(), query_params.pop())
+      else
+        prioritized = Glasses.prioritize_ints_over_strings(query, query_params)
+        query = prioritized[0]
+        query_params = prioritized[1]
+        results = model_to_search.where(query.pop(), query_params.pop())
+        (query.size).times do |search|
+          results = results.where(query.pop(), query_params.pop()) # important to note that ".where()" is not hitting the database on this line.
+        end
+        return results
+      end
+    else
+      []
+    end
+  end
+
+  def self.full_search(model_to_search,params_hash)
+    query = []
+    query_params = []
     params_hash.each do |key,val|
       if !val.empty?
         if key.to_s[key.size-3,key.size] == "_id"
+          query.push("#{key} = ?")
+          query_params.push(val.to_s)
+        else
+          query.push("#{key} LIKE ?") # percent sign matches any string of 0 or more chars.
+          query_params.push("%" + val + "%")
+        end
+      end
+    end
+    if !query.empty?
+      if query.size == 1
+        return model_to_search.where(query.pop(), query_params.pop())
+      else
+        results = model_to_search.where(query.pop(), query_params.pop())
+        (query.size).times do |search|
+          results = results.where(query.pop(), query_params.pop()) # important to note that ".where()" is not hitting the database on this line.
+        end
+        return results
+      end
+    else
+      []
+    end
+  end
+
+  def self.search_range(model_to_search,params_hash)
+    query = []
+    query_params = []
+    params_hash.each do |key,val|
+      if !val.empty?
+        #key = key.to_s
+        key_suffix = key[key.size-3,key.size]
+        if key_suffix == "ool"
+          if val == "1"
+            query.push("#{key[0,key.size-5]} = ?") # excludes 'bool'
+            query_params.push(true)
+          #else
+          #  query.push("#{key[0,key.size-5]} = ?") # excludes 'bool'
+          #  query_params.push(false)
+          end
+        elsif key_suffix == "min"
+          query.push("#{key[0,key.size-4]} >= ?")
+          query_params.push(val.to_s)
+        elsif key_suffix == "max"
+          query.push("#{key[0,key.size-4]} <= ?")
+          query_params.push(val.to_s)
+        elsif key_suffix == "_id"
+          query.push("#{key} = ?")
+          query_params.push(val.to_s)
+        else
+          query.push("#{key} LIKE ?") # percent sign matches any string of 0 or more chars.
+          query_params.push(val + "%")
+        end
+      end
+    end
+    if !query.empty?
+      if query.size == 1
+        return model_to_search.where(query.pop(), query_params.pop())
+      else
+        prioritized = Glasses.prioritize_ints_over_strings_and_ranges(query, query_params)
+        query = prioritized[0]
+        query_params = prioritized[1]
+        results = model_to_search.where(query.pop(), query_params.pop())
+        (query.size).times do |search|
+          results = results.where(query.pop(), query_params.pop()) # important to note that ".where()" is not hitting the database on this line.
+        end
+        return results
+      end
+    else
+      []
+    end
+  end
+
+  def self.full_search_range(model_to_search, params_hash)
+    query = []
+    query_params = []
+    params_hash.each do |key,val|
+      if !val.empty?
+        key_suffix = key.to_s[key.size-3,key.size]
+        if key_suffix == "min"
+          query.push("#{key[0,key.size-4]} >= ?")
+          query_params.push(val.to_s)
+        elsif key_suffix == "max"
+          query.push("#{key[0,key.size-4]} <= ?")
+          query_params.push(val.to_s)
+        elsif key_suffix == "_id"
+          query.push("#{key} = ?")
+          query_params.push(val.to_s)
+        else
+          query.push("#{key} LIKE ?") # percent sign matches any string of 0 or more chars.
+          query_params.push("%" + val + "%")
+        end
+      end
+    end
+    if !query.empty?
+      if query.size == 1
+        return model_to_search.where(query.pop(), query_params.pop())
+      else
+        prioritized = Glasses.prioritize_ints_over_strings_and_ranges(query, query_params)
+        query = prioritized[0]
+        query_params = prioritized[1]
+        results = model_to_search.where(query.pop(), query_params.pop())
+        (query.size).times do |search|
+          results = results.where(query.pop(), query_params.pop()) # important to note that ".where()" is not hitting the database on this line.
+        end
+        return results
+      end
+    else
+      []
+    end
+  end
+
+  def self.raw_search(model_to_search,params_hash)
+    query = ""
+    params_hash.each do |key,val|
+      if val
+        key = key.to_s
+        key_suffix = key.to_s[key.size-3,key.size]
+        if key_suffix == "ool"
+          query += "#{key[0,key.size-5]} = '1' AND "
+        elsif key_suffix == "_id"
           query += "#{key} = #{val} AND "
         else
           query += "#{key} LIKE '#{val}%' AND " # percent sign matches any string of 0 or more chars.
@@ -21,25 +222,68 @@ module Glasses
     end
   end
 
-  def self.sanitized_search(model_to_search,params_hash)
+  def self.full_raw_search(model_to_search,params_hash)
     query = ""
-    query_params = []
     params_hash.each do |key,val|
       if !val.empty?
         if key.to_s[key.size-3,key.size] == "_id"
-          query += "#{key} = ? AND "
-          query_params.push(val.to_s)
+          query += "#{key} = #{val} AND "
         else
-          query += "#{key} LIKE ? AND " # percent sign matches any string of 0 or more chars.
-          query_params.push(val + "%")
+          query += "#{key} LIKE '%#{val}%' AND " # percent sign matches any string of 0 or more chars.
         end
       end
     end
     if !query.empty?
       query = query[0,query.size-5]
-      #model_to_search.where(ActiveRecord::Base::sanitize(query)) # sanitize_sql() is an Alias for ActiveRecord::Sanitization::ClassMethods#sanitize_sql_for_conditions .
-      # Requires rails version 3.2.1 or higher.
-      model_to_search.where(query, query_params)
+      model_to_search.where(query)
+    else
+      []
+    end
+  end
+
+    def self.raw_search_range(model_to_search,params_hash)
+    query = ""
+    params_hash.each do |key,val|
+      if !val.empty?
+        key_suffix = key.to_s[key.size-3,key.size]
+        if key_suffix == "min"
+          query += "#{key[0,key.size-4]} >= #{val} AND "
+        elsif key_suffix == "max"
+          query += "#{key[0,key.size-4]} <= #{val} AND "
+        elsif key_suffix == "_id"
+          query += "#{key} = #{val} AND "
+        else
+          query += "#{key} LIKE '#{val}%' AND " # percent sign matches any string of 0 or more chars.
+        end
+      end
+    end
+    if !query.empty?
+      query = query[0,query.size-5]
+      model_to_search.where(query)
+    else
+      []
+    end
+  end
+
+  def self.full_raw_search_range(model_to_search, params_hash)
+    query = ""
+    params_hash.each do |key,val|
+      if !val.empty?
+        key_suffix = key.to_s[key.size-3,key.size]
+        if key_suffix == "min"
+          query += "#{key[0,key.size-4]} >= #{val} AND "
+        elsif key_suffix == "max"
+          query += "#{key[0,key.size-4]} <= #{val} AND "
+        elsif key_suffix == "_id"
+          query += "#{key} = #{val} AND "
+        else
+          query += "#{key} LIKE '%#{val}%' AND " # percent sign matches any string of 0 or more chars.
+        end
+      end
+    end
+    if !query.empty?
+      query = query[0,query.size-5]
+      model_to_search.where(query)
     else
       []
     end

data/lib/glasses/version.rb

@@ -1,3 +1,3 @@
 module Glasses
-  VERSION = "1.6.2"
+  VERSION = "1.7.0"
 end

data/spec/dummy/app/controllers/search_controller.rb

@@ -16,7 +16,7 @@ class SearchController < ApplicationController
 
 	def method_sanitized_simple_search
 		if params[:search_params]
-			@players = Glasses.sanitized_search(Player, params[:search_params])
+			@players = Glasses.raw_search(Player, params[:search_params])
 			@num_results = 0
 		else
 			@players = []
@@ -40,17 +40,36 @@ class SearchController < ApplicationController
 		end
 	end
 
+	def range_search
+		if params[:search_params]
+			@players = Glasses.search_range(Player, params[:search_params])
+			@num_results = 0
+		else
+			@players = []
+		end
+	end
+
+	def raw_range_search
+		if params[:search_params]
+			@players = Glasses.raw_search_range(Player, params[:search_params])
+			@num_results = 0
+		else
+			@players = []
+		end
+	end
+
+	def full_search_range
+
+	end
+
 	protected
 
 	def search_params_sanitizer_defined_in_the_app(search_params, escape_char = "\\")
 	  sanitized_params = {}
-	  pattern = Regexp.union(escape_char, "%", "_", "--", "=")
-	  search_params.each do |key, val| 
-	  	#sanitized_params[key] = ActiveRecord::Base.sanitize(val)
-	  	#sanitized_params[key] = val
-	  	sanitized_params[key] = val.gsub(pattern) do |s| 
-	  		[escape_char, s].join
-	  	end
+	  pattern = Regexp.union(escape_char, "%", "_", "=")
+	  search_params.each do |key, val|
+	  	# sanitizing data directly is not that a good idea and should be done when no other solution is available
+	  	sanitized_params[key] = val.gsub(/\\/, '\&\&').gsub(/'/, "''")
 	  end
 	  begin
 	  	return sanitized_params
@@ -60,16 +79,9 @@ class SearchController < ApplicationController
   	end
 
   	def caughts_injected_code_in_search(search_params, escape_char = "\\")
-  	  sanitized_params = {}
-	  pattern = Regexp.union(escape_char, "%", "_", "--", "=")
-	  search_params.each do |key, val| 
-	  	sanitized_params[key] = val.gsub(pattern) do |s| 
-	  		[escape_char, s].join
-	  	end
-	  end
-
+  	  sanitized_params = search_params_sanitizer_defined_in_the_app(search_params, escape_char = "\\")
   	  begin
-  	  	results = Glasses.search(Player, sanitized_params)
+  	  	results = Glasses.raw_search(Player, sanitized_params)
   	  rescue SQLException
   		results = []
   	  end

data/spec/dummy/app/views/search/range_search.html.erb

@@ -0,0 +1,30 @@
+<%= form_for(:search_params, url: range_search_path, method: "get", id: "simple_search_form") do |f| %>
+
+	<%= f.label :first_name, "First Name:" %>
+	<%= f.text_field :first_name %>
+
+	<%= f.label :age_min, "Minimum Age:" %>
+	<%= f.text_field :age_min %>
+
+	<%= f.label :age_max, "Maximum Age:" %>
+	<%= f.text_field :age_max %>
+
+	<label>Looking for a virgin loser:
+		<input name="search_params[is_virgin_bool]" type="hidden" value="0" />
+	    <input checked="checked" type="checkbox" id="checked_box" name="search_params[is_virgin_bool]" value="1" />
+	</label>
+
+	<%= f.submit "Search" %>
+<% end %>
+
+<% if @players.empty? %>
+	<p id="fail">WOPS, NOTHING TO SEARCH</p>
+	<p>0 entries</p>
+<% else %>
+
+	<% @players.each do |p| %>
+		<% @num_results += 1 %>
+		<p id="success"><%= p.first_name %>, GR8 SUCCESS</p>
+	<% end %>
+		<p><%= "#{@num_results}"%></p>
+<% end %>

data/spec/dummy/app/views/search/raw_range_search.html.erb

@@ -0,0 +1,25 @@
+<%= form_for(:search_params, url: raw_range_search_path, method: "get", id: "simple_search_form") do |f| %>
+
+	<%= f.label :first_name, "First Name:" %>
+	<%= f.text_field :first_name %>
+
+	<%= f.label :age_min, "Minimum Age:" %>
+	<%= f.text_field :age_min %>
+
+	<%= f.label :age_max, "Maximum Age:" %>
+	<%= f.text_field :age_max %>
+
+	<%= f.submit "Search" %>
+<% end %>
+
+<% if @players.empty? %>
+	<p id="fail">WOPS, NOTHING TO SEARCH</p>
+	<p>0 entries</p>
+<% else %>
+
+	<% @players.each do |p| %>
+		<% @num_results += 1 %>
+		<p id="success"><%= p.first_name %>, GR8 SUCCESS</p>
+	<% end %>
+		<p><%= "#{@num_results}"%></p>
+<% end %>

data/spec/dummy/app/views/search/simple_search.html.erb

@@ -3,6 +3,9 @@
 	<%= f.label :first_name, "First Name:" %>
 	<%= f.text_field :first_name %>
 
+	<label>Looking for a virgin loser:
+	    <input checked="checked" type="checkbox" id="checked_box" name="search_params[is_virgin_bool]" value="1" />
+	</label>
 	<%= f.submit "Search" %>
 <% end %>
 
@@ -10,10 +13,9 @@
 	<p id="fail">WOPS, NOTHING TO SEARCH</p>
 	<p>0 entries</p>
 <% else %>
-
 	<% @players.each do |p| %>
 		<% @num_results += 1 %>
-		<p id="success"><%= p.first_name %>, GR8 SUCCESS</p>
+		<p id="success"><%= p.first_name %>,<%= p.is_virgin.to_s %>,<%= "LOOOSERR," if p.is_virgin %> GR8 SUCCESS</p>
 	<% end %>
 		<p><%= "#{@num_results}"%> entries</p>
 <% end %>