I can already generate the amount of params I need using the code below, but when I submit the form, the data that comes back is the index position, not the value submitted. I can't seem to find the issue. It knows what's being inputted; I know that from the error logs when I had something else messed up, but that part is fixed.

The relevant front end:

post '/submitpage' do
  authentication_required
  data = database.execute("select Id,Questions from Questions");
  data.each_with_index do |i|
    eval(" '#{i[0]}' + '=' + 'params[:q#{i[0]}]' ")
  end


  name = params[:name]
  id = params[:id]
  date = params[:date]
  time = params[:time]

  c1 = params[:comment4]
  c2 = params[:comment5]
  c3 = params[:"comment6"]
  c4 = params[:"comment7"]
  c5 = params[:"comment8"]
  c6 = params[:"comment9"]
  c7 = params[:"comment10"]
  c8 = params[:"comment11"]
  c9 = params[:"comment12"]
  c10 = params[:"comment13"]

  database.execute("INSERT INTO Answers (Answer) VALUES ('#{name}'),   ('#{id}'),('#{date}'),('#{time}'),('#{1}'),('#{2}'),('#{3}'),('#{4}'), ('#{5}'),('#{6}'),('#{7}'),('#{8}'),('#{9}'), ('#{10}'),('#{11}'),('#{12}'),('#{13}'),('#{14}'),('#{15}'),('#{16}'),('#{17}'),('#{18}'),('#{19}'),('#{20}')");

  database.execute("INSERT INTO Comments (Comments) VALUES ('#{c1}'),('{c2}'),('#{c3}'),('#{c4}'),('#{c5}'),('#{c6}'),('#{c7}'),('#{c8}'),('#{c9}'),('#{c10}')");

  redirect to('/page1')
end

The relevant partial view:

<div class="row">
  <div class="column column-12 scrollingTable  ">
    <h3>I. Work Evaluation</h3>
    <table class="sortable">
      <tr>
        <th></th>
      </tr>

      <% data.each.with_index do |data, index| %>
          <% if data[0] >= 5 && data[0] <= 19 %>
              <tr>

                <td><%= data[1] %></td>
                <td><select name="q<%= index %>">
                  <option value=""></option>
                  <option value="Yes">Yes</option>
                  <option value="No">No</option>
                  <option value="na">N/a</option>
                </select>

                  <div class="accordion">Comment</div>
                  <div class="panel">
                    <textarea class="comments" name="comment<%= index %>" rows="4" cols="15"> </textarea>
                  </div>
                </td>
              </tr>
          <% end %>
      <% end %>
    </table>
    <% # some code %>
  </div>
</div>
  • You can easily use `Hash` instead of `eval`. Or you can use something like this: http://stackoverflow.com/a/17842868/2862049 – Lukas Baliak Jun 15 '16 at 13:55
  • Please add punctuation to your question. – Aetherus Jun 15 '16 at 13:57
  • Never trust the scary internet and `eval` user input. You have too many places for attackers to inject their malicious code. – Aetherus Jun 15 '16 at 14:00
  • It's not clear to me what you're trying to do. – Dave Newton Jun 15 '16 at 14:34
  • @DaveNewton I am trying to generate params based on the amount of questions in a db table (or the length of the array) and have them auto-increase their name / number for my Sinatra front end – Joseph McKenzie Jun 15 '16 at 14:58
  • That doesn't really help much; sorry. So far you haven't said anything that makes me think there's anything that requires any sort of metaprogramming at all, or anything even approaching it. – Dave Newton Jun 15 '16 at 15:05
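
Added example (not part of the original question or its comments): the `Hash`-based lookup suggested in the comments, combined with bound parameters instead of interpolating submitted values into the SQL string. It assumes the form fields are named by question Id (`q5`, `comment5`, ...); the helper names and the sample data are hypothetical.

```ruby
# The <option> values offered by the view; anything else is rejected.
ALLOWED_ANSWERS = ['Yes', 'No', 'na', ''].freeze

# question_ids: Ids read from the Questions table (trusted, from the DB).
# params: the submitted form fields (untrusted), e.g. Sinatra's params.
# Returns { id => answer } using plain Hash lookups; nothing is evaluated.
def collect_answers(question_ids, params)
  question_ids.each_with_object({}) do |id, answers|
    value = params["q#{id}"].to_s
    unless ALLOWED_ANSWERS.include?(value)
      raise ArgumentError, "unexpected answer for q#{id}"
    end
    answers[id] = value
  end
end

# Same lookup for the free-text comments; they stay data and are never
# pasted into Ruby source or into the SQL text.
def collect_comments(question_ids, params)
  question_ids.map { |id| params["comment#{id}"].to_s.strip }
end

# Builds one multi-row INSERT with a "?" placeholder per value and returns
# [sql, binds]. table and column are fixed by the caller, never taken from
# the request.
def build_insert(table, column, values)
  placeholders = Array.new(values.size, '(?)').join(', ')
  ["INSERT INTO #{table} (#{column}) VALUES #{placeholders}", values]
end

# Constructed sample input: three question ids and a submitted form in
# which one comment contains an apostrophe, which would already break the
# interpolated INSERT from the question.
SAMPLE_IDS = [5, 6, 7].freeze
SAMPLE_PARAMS = {
  'q5' => 'Yes', 'q6' => 'No', 'q7' => 'na',
  'comment5' => ' fine ', 'comment6' => "wasn't on site", 'comment7' => ''
}.freeze

if __FILE__ == $PROGRAM_NAME
  answers = collect_answers(SAMPLE_IDS, SAMPLE_PARAMS)
  sql, binds = build_insert('Answers', 'Answer', answers.values)
  puts sql, binds.inspect
  # Assumption: the driver's execute accepts bind variables, as the
  # sqlite3 gem's does:  database.execute(sql, binds)
end
```

Because the values travel as bind variables, a quote character in a comment is stored as text and cannot change the statement.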

0 Answers