ActiveRecord.create using Mysql builtin methods?

Hello,

Basically, I need to do an insert such as:

create(
‘user_id’ => “#{uid}”,
‘cre_date’ => ‘date_add(now(), interval 12 hour)’,
‘expire_date’ => ‘now()’,
‘upd_date’ => ‘now()’
)

where, date_add() and now() are executed (‘populated’) server side.

I can accomplish the insert, low level with:
a = ActiveRecord::Base.connection.insert(“INSERT into sess (user_id,
cre_date, expire_date, upd_date) VALUES (”#{uid}", now(),
date_add(now(), interval 12 hour), now())");

but that is less than ideal (sql injection comes to mind)

Is there a ‘standard’ way to do this with ActiveRecord? (or a way to
accomplish the insert ‘safely’ (without duplicating the work or arg
validation))

(Note: I am using a legacy database schema, not an activerecord created
database)

Thanks

On 10 Apr 2009, at 22:07, David W. wrote:

)
Is there a ‘standard’ way to do this with ActiveRecord? (or a way to
accomplish the insert ‘safely’ (without duplicating the work or arg
validation))

(Note: I am using a legacy database schema, not an activerecord
created
database)

I’d use the sanitize_sql methods in activerecord to do the escaping
stuff. AR in general doesn’t leave much up to the database.

Fred

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs