Searching in Rails app with Ransack howto by Komal Swami - March 6, 2023March 6, 20230 Contents Beginners guide In previous articles we have covered beginner guides for debugging ruby on rails application, in this post we shall cover searching and sorting in the rails app with ransack library. After reading this article you would realise that adding Ransack gem to your MVC- model and view controller application and you’re all set to use searching and sorting. You would barely need custom routes or helpers functions. Everything is available in ransack gem :-). At the end of this article I have tried to provide alternatives to ransack and some security flaws in ransack gem if it is used in default configurations. Introduction Ransack will help you easily add searching and sorting capabilities to your Rails application, without any additional dependencies. You can download the latest ransack gem from ruby.org or add the version you need in Gemfile and run ‘bundle update’ to install the required version. Setting up For Searching and Sorting in Rails App with Ransack Lets create new app $ rails new searchblog add ransack gem to your gemfile and run bundle install command on command prompt gem 'ransack' gem 'faker' $ bundle install confirm if ransack library is properly installed using ‘gem list ransack’ we can then generate the article scaffold rails g scaffold Article title body:text migrate db $ rails db:migrate searching setup of article controller class ArticlesController < ApplicationController before_action :set_article, only: %i[ show edit update destroy ] # GET /articles or /articles.json def index @q = Article.ransack(params[:q]) @articles = @q.result(distinct: true) end Add search form in views/articles/index.html.erb <p id="notice"><%= notice %></p> <h1>Articles</h1> <%= search_form_for @q do |f| %> <%= f.search_field :title_or_body_cont, placeholder: "Search..." %> <%= f.submit "Search!" %> <% end %> <table> <thead> <tr> <th><%= sort_link(@q, :title, "Title", default_order: :asc) %></th> <th><%= sort_link(@q, :body, "Article Content", default_order: :desc) %></th> <th colspan="3"></th> </tr> </thead> <tbody> <% @articles.each do |article| %> <tr> <td><%= article.title %></td> <td><%= article.body %></td> <td><%= link_to 'Show', article %></td> <td><%= link_to 'Edit', edit_article_path(article) %></td> <td><%= link_to 'Destroy', article, method: :delete, data: { confirm: 'Are you sure?' } %></td> </tr> <% end %> </tbody> </table> <br> <%= link_to 'New Article', new_article_path %> We will seed some data into our database to search. # add this into db/seed.rb 5.times do |x| Article.create(title: Faker::Lorem.sentences(number: 1), body: Faker::Lorem.paragraph(sentence_count: 5)) end Run following in command prompt rails db:seed Now .Let’s start server and find records by association model $ rails s Alternatives to Ransack Elasticsearch Elasticsearch is the most popular enterprise search engine. Check out elasticsearch-ruby gem from github. I hope you have enjoyed reading Searching and Sorting in Rails App with Ransack gem. The positive.security article explains that poor integration of ransack gem is vulnerable to brute-force attacks. So, from the security point of view should we use or switch to elasticsearch-ruby gem, what are your thoughts?