Forum: Ruby on Rails sql injection

Onur T. (Guest)
on 2005-12-13 17:32
(Received via mailing list)
I want to create an SQL condition like "date=? AND published=?", date, published, like I can do in the :conditions => hash, but I can't find a method for doing it in a standalone string; I mean outside of find_by_sql or :conditions. How can I do that?
Thanks in advance
Kevin O. (Guest)
on 2005-12-13 18:47
Is this what you want?

sql = "date = #{date} AND published=#{published}"
Lou V. (Guest)
on 2005-12-13 18:53
(Received via mailing list)
use methods 'quote' or 'sanitize'
Kevin B. (Guest)
on 2005-12-13 19:54
(Received via mailing list)
I just got done reviewing some of the info in the ferret wiki. It looks like some great work - thanks!

I'm building an app that is going to have some search capability, and I was planning on using MySQL with fulltext searches, but looking at ferret has got me wondering if there might not be a better way.

Specifically, I was wondering about the idea of using an in-memory index for increasing the speed of searches.

The data I'm storing will be most utilized when it is relatively new. After it's a few days old, people won't need it as much. So putting all this data in the same database may not make sense (if it's relatively easy to split it into 'fresh' and 'stale' databases).

Would it make sense to consider using an in-memory cache of documents for the newest data while having a disk-based index for when people want to search for older documents? Or would the performance gains not be worth the effort?

Chris H. (Guest)
on 2005-12-17 14:41
(Received via mailing list)
:conditions => ["date = ? and published = ?", date, published]
Onur T. (Guest)
on 2005-12-17 14:41
(Received via mailing list)
What I meant was: how can I do this replacement outside the query?
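A stand-alone version of the "?" placeholder substitution that Lou V. and Chris H. point at, added here as an example that is not code from the thread or from Rails itself; `quote_value` and `sanitize_conditions` are hypothetical names, and the quoting rules are a simplified assumption (ActiveRecord's own sanitize_sql_array delegates to the database adapter). It also contrasts the interpolated string from Kevin O.'s reply, which drops the value into the SQL unquoted.

```ruby
require 'date'

# Added example, not ActiveRecord code: quote one bind value as a SQL literal.
# Simplified assumption: ANSI-style doubling of single quotes, ISO dates.
def quote_value(value)
  case value
  when nil            then "NULL"
  when true           then "1"
  when false          then "0"
  when Integer, Float then value.to_s
  when Date, Time     then "'#{value.strftime('%Y-%m-%d')}'"
  else
    # Escape embedded single quotes by doubling them, then wrap the literal.
    "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Replace each "?" in the template with the quoted bind value, left to right.
# The replacement text is never re-scanned, so a "?" inside a value is inert.
def sanitize_conditions(template, *binds)
  unless template.count("?") == binds.length
    raise ArgumentError, "expected #{template.count('?')} binds, got #{binds.length}"
  end
  pending = binds.dup
  template.gsub("?") { quote_value(pending.shift) }
end

# The interpolation pattern from the thread: the values land in the SQL
# text as-is, with no quoting, so a value containing a quote breaks the query.
def interpolated_conditions(date, published)
  "date = #{date} AND published=#{published}"
end

if __FILE__ == $0
  puts sanitize_conditions("date = ? AND published = ?", "2005-12-13", true)
  # => date = '2005-12-13' AND published = 1
  puts interpolated_conditions("2005-12-13", true)
  # => date = 2005-12-13 AND published=true   (unquoted, database-dependent)
end
```

The sanitized string can then be passed straight to find_by_sql or a :conditions array, which is the "outside the query" use the question asks about.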