Rails 3 controller select models
I have something not working like I want in my controller.
My controller:
if params[:commit]
  @search = Building.select('buildings.id, buildings.slug, floors.id, spaces.id, buildings.name, floors.floor_number, spaces.space_number').joins('INNER JOIN floors ON floors.building_id = buildings.id INNER JOIN spaces ON spaces.floor_id = floors.id')
  @search = @search.where("buildings.name like '%#{params[:building_name]}%'") if !params[:building_name].blank?
  #@search = @search.where("buildings.name like ?", params[:building_name]) if !params[:building_name].blank?
  if params[:space_type].present?
    @search = @search.where("spaces.space_type_id = ?", params[:space_type][:space_type_id]) if !params[:space_type][:space_type_id].blank?
  end
  @search = @search.where("floors.min_net_rent >= #{params[:floor_min_rent]}") if !params[:floor_min_rent].blank?
  @search = @search.where("floors.max_net_rent <= #{params[:floor_max_rent]}") if !params[:floor_max_rent].blank?
  @building = @search
else
  @building = ''
end
My models:
class Building < ActiveRecord::Base
  has_many :floors
end

class Floor < ActiveRecord::Base
  belongs_to :building
  has_many :spaces # plural, per the Rails naming convention (was :space)
end

class Space < ActiveRecord::Base
  belongs_to :floor
end
The debug <%= debug @building %> returns me:
[#<Building id: 9, name: "234234", slug: nil>] (as an example)
But I want to get information about floors and spaces.
Does someone have an idea how to resolve this?
Thanks.
Try to use [].
Example:
@orders = Order.select("orders.*, cities.name AS city_name, countries.name AS country_name, customers.account_id as customer_acc").
  joins("LEFT JOIN customers ON customers.id = orders.customer_id").
  joins("LEFT JOIN cities ON orders.city_id = cities.id").
  joins("LEFT JOIN countries ON cities.country_id = countries.id")
In the view:
<tbody>
  <% @orders.each do |order| %>
    <tr class="">
      <td><%= order[:country_name] %></td>
      <td><%= order[:city_name] %></td>
      <td><%= order.type_code %></td>
      <td><%= order[:customer_acc] %></td>
      <td><%= order.detail %></td>
      <td><%= order.number %></td>
      <td><%= order.expire_date %></td>
      <td><%= order.status %></td>
    </tr>
  <% end %>
</tbody>
When you use select(), only attributes belonging to your model will be accessible through your record object. You then have to use associations like @building.floors, @floor.building... to process data. Have a close look at the association methods that ActiveRecord creates.
I'd moreover recommend, as you're looking for information on floors and spaces, starting your query on Floor or Space, not on Building.
@neimad, not a direct answer to your question, but you're leaving yourself open to SQL injection attacks by directly embedding your params in your query:
i.e.
@search = @search.where("buildings.name like '%#{params[:building_name]}%'") if !params[:building_name].blank?
is vulnerable if I set params[:building_name] to something malicious.
Using
@search = @search.where("buildings.name like ?", "%#{params[:building_name]}%") if !params[:building_name].blank?
on the other hand, will properly escape your building_name param.
Even if I'm not being malicious, searching for building name: Kristian's Building
will break this query. The same problem applies to the floor rent max/min conditions.
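As an added, runnable illustration of the point above (not code from the question or the answers): the building-name and rent filters built first by string interpolation, then through a placeholder. `quote_literal` and `placeholder_where` are a minimal stand-in for what ActiveRecord does behind `where("... ?", value)`, written so the example runs without Rails; they are not ActiveRecord's implementation.

```ruby
# Added example (not from the question/answers); quote_literal and
# placeholder_where are a stand-in for ActiveRecord's `?` handling, not its code.
# The question's pattern: the raw param becomes part of the SQL text, so a
# quote in the input changes the statement itself.
def interpolated_where(building_name)
  "buildings.name like '%#{building_name}%'"
end

# SQL literal quoting: numbers bare, strings single-quoted with embedded
# quotes doubled, so input can never close the literal early.
def quote_literal(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Stand-in for `where(template, *values)`: each `?` in the fixed template is
# replaced by a quoted value; the counts must match.
def placeholder_where(template, *values)
  parts = template.split("?", -1)
  raise ArgumentError, "expected #{parts.size - 1} values" unless parts.size == values.size + 1
  sql = parts[0].dup
  values.each_with_index { |v, i| sql << quote_literal(v) << parts[i + 1] }
  sql
end

# The question's filters with placeholders. The wildcard `%` belongs in the
# value, not the template; Integer() rejects non-numeric rent instead of
# passing it through to SQL.
def search_where(params)
  conditions = []
  unless params[:building_name].to_s.empty?
    conditions << placeholder_where("buildings.name like ?", "%#{params[:building_name]}%")
  end
  unless params[:floor_min_rent].to_s.empty?
    conditions << placeholder_where("floors.min_net_rent >= ?", Integer(params[:floor_min_rent]))
  end
  unless params[:floor_max_rent].to_s.empty?
    conditions << placeholder_where("floors.max_net_rent <= ?", Integer(params[:floor_max_rent]))
  end
  conditions.join(" AND ")
end

# Odd number of single quotes: the input broke out of the literal, which is
# the failure the answer describes for "Kristian's Building".
def balanced_quotes?(sql)
  sql.count("'").even?
end
```

In a real controller the chained `where("... ?", value)` calls do this quoting for you; the stand-in only makes the difference between the two forms visible.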