Can :conditions use an array and a dictionary together?

This is what I’m trying to do:

@contacts = Contact.find(:all, :conditions => [[“jobs.name LIKE ?”,
‘Teacher%’], {:group_id => current_contact.group}], :include =>
[:jobs, :photos])

Obviously it’s not working. Is this my only option?
@contacts = Contact.find(:all, :conditions => [‘jobs.name LIKE ? AND
group_id = ?’, ‘Teacher%’, current_contact.group], :include =>
[:jobs, :photos])

Quoting CoolAJ86 [email protected]:

[:jobs, :photos])
:conditions =>
“jobs.name LIKE ‘Teacher%’ AND group_id = #{current_contact.group}”

HTH,
Jeffrey

On Aug 20, 8:01 am, CoolAJ86 [email protected] wrote:

This is what I’m trying to do:

@contacts = Contact.find(:all, :conditions => [[“jobs.name LIKE ?”,
‘Teacher%’], {:group_id => current_contact.group}], :include =>
[:jobs, :photos])

Obviously it’s not working. Is this my only option?
@contacts = Contact.find(:all, :conditions => [‘jobs.name LIKE ? AND
group_id = ?’, ‘Teacher%’, current_contact.group], :include =>
[:jobs, :photos])

In general that is about it. In this particular case it looks like you
could do

current_contact.group.contacts.find :all, :conditions => [[“jobs.name
LIKE ?”, ‘Teacher%’], …

assuming that group has_many contacts

Fred

Jeffrey L. Taylor wrote:

Quoting CoolAJ86 [email protected]:

[:jobs, :photos])
:conditions =>
“jobs.name LIKE ‘Teacher%’ AND group_id = #{current_contact.group}”

HTH,
Jeffrey

Passing a string to :conditions like this welcomes sql injection attacks
So can it be avoided and pass an array instaed like in last post by
fred?Am I right?

Sijo

In general that is about it. In this particular case it looks like you
could do

current_contact.group.contacts.find :all, :conditions => [[“jobs.name
LIKE ?”, ‘Teacher%’], …

As I understand it, that won’t eager-load (join) groups, jobs, and
contacts together.

See, as I iterate through contacts I want to pull group and job
information without excess database calls.

Quoting Sijo Kg [email protected]:

Passing a string to :conditions like this welcomes sql injection attacks
So can it be avoided and pass an array instaed like in last post by
fred?Am I right?

Only if current_contact.group is string. I assumed that it is an
integer, in
which case, no SQL injection attack is possible for this call.

Jeffrey

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs