[Rails] Re: Native sql query with array-like, prepared statement
On Fri, Oct 30, 2009 at 3:57 AM, neomizer <hthpsycho@gmx.de> wrote:
Hi,
I'm using in my project ActiveRecord::Base.connection.select_value and
ActiveRecord::Base.connection.select_rows several times to execute
complex queries. This basically works, but I need to check the params
in order to avoid sql-injection by myself. Even worse I've to handle
basic datatype conversions, e.g. choose 0/1 or 't'/'f' as appropriate
boolean for sqlite or MySQL.
Is there any way to execute a model-unrelated sql-query by passing an
array (["select <whatever> from model where <something>=?","nice-
value"]) instead of a string?!

Why can't you use find_by_sql instead of ActiveRecord::Base.connection.select_rows? You can start with one Model and query from another. For example,

Apple.find_by_sql(["SELECT apples.flavor as apple_flavor, bananas.flavor as banana_flavor FROM apples, bananas WHERE....", something])
--
www.abetaday.com
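
What the array form discussed above does with its values, as an added example that is not part of the original thread and not ActiveRecord's own code. `bind_sql`, `quote_value` and `DIALECTS` are hypothetical names, and the quoting rules are a simplified model of the per-adapter behaviour the question describes ('t'/'f' for SQLite, 0/1 for MySQL).

```ruby
# Simplified model of "?" binding; bind_sql, quote_value and DIALECTS are
# hypothetical names for this example, not ActiveRecord API.
DIALECTS = {
  sqlite: { true_lit: "'t'", false_lit: "'f'", backslash_escapes: false },
  mysql:  { true_lit: "1",   false_lit: "0",   backslash_escapes: true }
}.freeze

# Render one Ruby value as a SQL literal for the chosen dialect.
def quote_value(value, dialect)
  rules = DIALECTS.fetch(dialect)
  case value
  when true    then rules[:true_lit]
  when false   then rules[:false_lit]
  when nil     then "NULL"
  when Integer then value.to_s
  when String
    text = value
    # MySQL treats backslash as an escape character by default; SQLite does not.
    text = text.gsub("\\") { "\\\\" } if rules[:backslash_escapes]
    "'" + text.gsub("'", "''") + "'"
  else
    raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Expand ["sql with ?", v1, v2, ...] into a single statement string.
# Every "?" in the template counts as a slot (no SQL parsing is attempted).
def bind_sql(template_and_values, dialect)
  template, *values = template_and_values
  slots = template.count("?")
  unless slots == values.size
    raise ArgumentError, "expected #{slots} bind values, got #{values.size}"
  end
  remaining = values.dup
  # gsub scans the original template only, so a "?" inside a value is never re-expanded.
  template.gsub("?") { quote_value(remaining.shift, dialect) }
end

# Constructed input: a value containing quote characters, plus a boolean.
hostile = "x' OR '1'='1"
query = ["SELECT flavor FROM apples WHERE name = ? AND ripe = ?", hostile, true]
puts bind_sql(query, :sqlite)
puts bind_sql(query, :mysql)
```

The same array yields a different boolean literal per dialect, and the quote characters in the value stay inside one string literal instead of ending it.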