Can :conditions use an array and a dictionary together?

This is what I’m trying to do:

@contacts = Contact.find(:all, :conditions => [[“jobs.name LIKE ?”,
‘Teacher%’], {:group_id => current_contact.group}], :include =>
[:jobs, :photos])

Obviously it’s not working. Is this my only option?
@contacts = Contact.find(:all, :conditions => [‘jobs.name LIKE ? AND
group_id = ?’, ‘Teacher%’, current_contact.group], :include =>
[:jobs, :photos])

Quoting CoolAJ86 [email protected]:

[:jobs, :photos])
:conditions =>
“jobs.name LIKE ‘Teacher%’ AND group_id = #{current_contact.group}”

HTH,
Jeffrey

On Aug 20, 8:01 am, CoolAJ86 [email protected] wrote:

This is what I’m trying to do:

@contacts = Contact.find(:all, :conditions => [[“jobs.name LIKE ?”,
‘Teacher%’], {:group_id => current_contact.group}], :include =>
[:jobs, :photos])

Obviously it’s not working. Is this my only option?
@contacts = Contact.find(:all, :conditions => [‘jobs.name LIKE ? AND
group_id = ?’, ‘Teacher%’, current_contact.group], :include =>
[:jobs, :photos])

In general that is about it. In this particular case it looks like you
could do

current_contact.group.contacts.find :all, :conditions => [[“jobs.name
LIKE ?”, ‘Teacher%’], …

assuming that group has_many contacts

Fred

Jeffrey L. Taylor wrote:

Quoting CoolAJ86 [email protected]:

[:jobs, :photos])
:conditions =>
“jobs.name LIKE ‘Teacher%’ AND group_id = #{current_contact.group}”

HTH,
Jeffrey

Passing a string to :conditions like this welcomes sql injection attacks
So can it be avoided and pass an array instaed like in last post by
fred?Am I right?

Sijo

In general that is about it. In this particular case it looks like you
could do

current_contact.group.contacts.find :all, :conditions => [[“jobs.name
LIKE ?”, ‘Teacher%’], …

As I understand it, that won’t eager-load (join) groups, jobs, and
contacts together.

See, as I iterate through contacts I want to pull group and job
information without excess database calls.

Quoting Sijo Kg [email protected]:

Passing a string to :conditions like this welcomes sql injection attacks
So can it be avoided and pass an array instaed like in last post by
fred?Am I right?

Only if current_contact.group is string. I assumed that it is an
integer, in
which case, no SQL injection attack is possible for this call.

Jeffrey