Forum: Ruby on Rails sql injection

Onur T. (Guest)
on 2005-12-13 17:32
(Received via mailing list)
hi,

I want to create an SQL condition like "date=? AND published=?", date, published like I can do in the :conditions => hash, but couldn't find a method for doing it in a standalone string; I mean outside find_by_sql or :conditions. How can I do that?

thanks in advance
Kevin O. (Guest)
on 2005-12-13 18:47
Is this what you want?

sql = "date = #{date} AND published=#{published}"
Lou V. (Guest)
on 2005-12-13 18:53
(Received via mailing list)
use methods 'quote' or 'sanitize'
Kevin B. (Guest)
on 2005-12-13 19:54
(Received via mailing list)
I just got done reviewing some of the info in the ferret wiki. It looks like some great work - thanks!

I'm building an app that is going to have some search capability and I was planning on using mysql with fulltext searches, but looking at ferret has got me wondering if there might not be a better way.

Specifically, I was wondering about the idea of using an in-memory index for increasing the speed of searches.

The data I'm storing will be most utilized when it is relatively new. After it's a few days old, people won't need it as much. So putting all this data in the same database may not make sense (if it's relatively easy to split it into 'fresh' and 'stale' databases).

Would it make sense to consider using an in-memory cache of documents for the newest data while having a disk-based index for when people want to search for older documents? Or would the performance gains not be worth the effort?

-kevin
Chris H. (Guest)
on 2005-12-17 14:41
(Received via mailing list)
:conditions => ["date = ? and published = ?", date, published]
Onur T. (Guest)
on 2005-12-17 14:41
(Received via mailing list)
I meant: how can I make this replacement without using :conditions, outside the query?
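As an added example (not code from this thread and not Rails' own implementation), here is the quoting and placeholder substitution that Lou's "quote or sanitize" and Chris's `:conditions => ["... = ? ...", values]` both rely on, written as a small stand-in so it runs without ActiveRecord. `sql_quote` and `bind_sql` are hypothetical names; in Rails the same job is done by `ActiveRecord::Base.connection.quote(value)` and `ActiveRecord::Base.sanitize_sql_array(["date = ? AND published = ?", date, published])` (made public in Rails 5.2; older versions reached it with `send(:sanitize_sql_array, ...)`). Kevin O.'s interpolated string is kept beside it for contrast, and the inputs are constructed.

```ruby
require "date"

# Quote one Ruby value as a SQL literal the way an adapter's quote method
# does (hypothetical stand-in for ActiveRecord::Base.connection.quote, not
# the Rails implementation): strings are single-quoted with embedded quotes
# doubled, nil becomes NULL, booleans and numbers stay bare.
def sql_quote(value)
  case value
  when nil            then "NULL"
  when true, false    then value.to_s.upcase          # TRUE / FALSE
  when Integer, Float then value.to_s
  when Date           then "'#{value.iso8601}'"       # DateTime is a Date too
  else                     "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Bind values into a "col = ? AND col = ?" template, which is what
# :conditions => [sql, *values] and sanitize_sql_array do. The template is
# trusted SQL written by the developer; only the values are quoted.
# Like ActiveRecord, it refuses a mismatch between placeholders and values.
def bind_sql(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind values (#{values.size} for #{expected})"
  end
  queue = values.dup
  template.gsub("?") { sql_quote(queue.shift) }
end

# The interpolation suggested earlier in the thread: the variables' text is
# spliced into the statement verbatim, so a quote character in the input
# changes the structure of the query instead of staying a value.
def unsafe_conditions(date, published)
  "date = #{date} AND published=#{published}"
end

# Same condition built from placeholders: the input can only ever be a value.
def safe_conditions(date, published)
  bind_sql("date = ? AND published = ?", date, published)
end

if __FILE__ == $0
  # Constructed inputs: a normal date, then a string carrying a stray quote.
  puts safe_conditions(Date.new(2005, 12, 13), true)
  puts unsafe_conditions("2005-12-13' OR 1=1", true)
  puts safe_conditions("2005-12-13' OR 1=1", true)
end
```

The bound string that `bind_sql` returns is exactly what the question asks for: a standalone condition built outside `find`, which can then be passed on as the `:conditions` string or spliced into a `find_by_sql` statement, with the values already quoted. Note that the template itself must not contain a literal `?`, which is the same restriction ActiveRecord's placeholder syntax has.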