I want to allow the user to 'filter' his query on a DB.

So, I allow them to select checked boxes for the infor they want. I 
then format a string and pass it to a function. My function looks like 
this:


<script>
function refreshScrollList(strQuery)
{

alert("Sample_test1.rhtml");

alert("HERE IS THE QUERY STRING " + strQuery);      <--everything 
looks right here

<%
require "dbi"
require 'cgi'
cgi = CGI.new


# Require the CGI library

# prepare trap for form variables
# there is an artifact space sent from an empty form field so to 
verify the field values have to be
# Stripped of whitespace and carriage returns (strip) so (empty) will 
work properly.
username = cgi['username'].strip
profession = cgi['profession'].strip


dbh = 
DBI.connect("dbi:Pg:dbname=products;host=blank;port=blank","blank","bla
nk")
# get server version string and display it
row = dbh.select_one("SELECT VERSION()")
#puts "Server version" " + row[0]);

#newsth = dbh.execute(strQuery);           <-----This is the line I 
want to use.

the next line is the hard coded value that I have working right now

newsth = dbh.execute("SELECT id, condition  FROM products WHERE 
beginyear>'1990' LIMIT 100;")

rows = newsth.fetch_all
%>

Array_Header = <%=newsth.column_names.inspect%>;
Array_Body = <%=rows.inspect%>;

refreshList();

}
</script>




This is probably a simple task. Thanks in advance!