Forum: Ruby on Rails ActiveRecord.create using Mysql builtin methods?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
David W. (Guest)
on 2009-04-11 01:07
Hello,

Basically, I need to do an insert such as:

create(
'user_id'     => "#{uid}",
'cre_date'    => 'date_add(now(), interval 12 hour)',
'expire_date' => 'now()',
'upd_date'    => 'now()'
)

where date_add() and now() are executed ('populated') server side.

I can accomplish the insert at a low level with:
a = ActiveRecord::Base.connection.insert("INSERT into sess (user_id,
cre_date, expire_date, upd_date) VALUES ('#{uid}', now(),
date_add(now(), interval 12 hour), now())");

but that is less than ideal (SQL injection comes to mind).

Is there a 'standard' way to do this with ActiveRecord? (or a way to
accomplish the insert 'safely' (without duplicating the work or arg
validation))

(Note: I am using a legacy database schema, not an activerecord created
database)

Thanks
Frederick C. (Guest)
on 2009-04-11 01:23
(Received via mailing list)
On 10 Apr 2009, at 22:07, David W. wrote:

> )
> Is there a 'standard' way to do this with ActiveRecord? (or a way to
> accomplish the insert 'safely' (without duplicating the work or arg
> validation))
>
> (Note: I am using a legacy database schema, not an activerecord created
> database)

I'd use the sanitize_sql methods in activerecord to do the escaping
stuff. AR in general doesn't leave much up to the database.

Fred
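
An added example, not code from either poster: the insert from the question rebuilt so that the server-side functions stay in a fixed SQL template and only uid is bound through a placeholder, which is the job the sanitize_sql methods do. StandInQuoter, bind_placeholders and build_sess_insert are hypothetical names, and StandInQuoter only imitates an adapter's quote method so the example runs without a database.

```ruby
# Fixed SQL text: now() and date_add() are part of the template, never data.
SESS_INSERT_TEMPLATE =
  "INSERT INTO sess (user_id, cre_date, expire_date, upd_date) " \
  "VALUES (?, now(), date_add(now(), interval 12 hour), now())"

# Hypothetical stand-in for a connection's quote method (assumption: default
# MySQL escaping rules). In a Rails app pass ActiveRecord::Base.connection,
# which responds to quote, instead of this module.
module StandInQuoter
  def self.quote(value)
    case value
    when Integer then value.to_s
    when nil     then "NULL"
    else
      # Double backslashes first, then double single quotes.
      escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" }
      "'#{escaped}'"
    end
  end
end

# Replace each ? with a quoted value in one pass, so a "?" or a quote inside
# a bound value is never re-read as SQL.
def bind_placeholders(template, values, quoter = StandInQuoter)
  unless template.count("?") == values.size
    raise ArgumentError, "wrong number of bind values"
  end
  remaining = values.dup
  template.gsub("?") { quoter.quote(remaining.shift) }
end

# Build the sess insert for one user id.
def build_sess_insert(uid, quoter = StandInQuoter)
  bind_placeholders(SESS_INSERT_TEMPLATE, [uid], quoter)
end

if __FILE__ == $PROGRAM_NAME
  puts build_sess_insert(42)
  # Constructed hostile input: it stays inside one quoted string literal.
  puts build_sess_insert("1', now(), now(), now()); -- ")
  # A function name passed as data is quoted too, which is why the create()
  # hash in the question would store the text 'now()' instead of calling it.
  puts StandInQuoter.quote("now()")
end
```

The resulting string can be handed to ActiveRecord::Base.connection.insert as in the question.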