ActiveRecord.create using Mysql builtin methods?


#1

Hello,

Basically, I need to do an insert such as:

create(
‘user_id’ => “#{uid}”,
‘cre_date’ => ‘date_add(now(), interval 12 hour)’,
‘expire_date’ => ‘now()’,
‘upd_date’ => ‘now()’
)

where, date_add() and now() are executed (‘populated’) server side.

I can accomplish the insert, low level with:
a = ActiveRecord::Base.connection.insert(“INSERT into sess (user_id,
cre_date, expire_date, upd_date) VALUES (”#{uid}", now(),
date_add(now(), interval 12 hour), now())");

but that is less than ideal (sql injection comes to mind)

Is there a ‘standard’ way to do this with ActiveRecord? (or a way to
accomplish the insert ‘safely’ (without duplicating the work or arg
validation))

(Note: I am using a legacy database schema, not an activerecord created
database)

Thanks


#2

On 10 Apr 2009, at 22:07, David W. wrote:

)
Is there a ‘standard’ way to do this with ActiveRecord? (or a way to
accomplish the insert ‘safely’ (without duplicating the work or arg
validation))

(Note: I am using a legacy database schema, not an activerecord
created
database)

I’d use the sanitize_sql methods in activerecord to do the escaping
stuff. AR in general doesn’t leave much up to the database.

Fred