This is what I’m trying to do:
@contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?",
'Teacher%'], {:group_id => current_contact.group}], :include =>
[:jobs, :photos])
Obviously it’s not working. Is this my only option?
@contacts = Contact.find(:all, :conditions => ['jobs.name LIKE ? AND
group_id = ?', 'Teacher%', current_contact.group], :include =>
[:jobs, :photos])
Quoting CoolAJ86 [email protected]:
> [:jobs, :photos])
:conditions =>
"jobs.name LIKE 'Teacher%' AND group_id = #{current_contact.group}"
HTH,
Jeffrey
On Aug 20, 8:01 am, CoolAJ86 [email protected] wrote:
> This is what I’m trying to do:
> @contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?",
> 'Teacher%'], {:group_id => current_contact.group}], :include =>
> [:jobs, :photos])
> Obviously it’s not working. Is this my only option?
> @contacts = Contact.find(:all, :conditions => ['jobs.name LIKE ? AND
> group_id = ?', 'Teacher%', current_contact.group], :include =>
> [:jobs, :photos])
In general that is about it. In this particular case it looks like you
could do
current_contact.group.contacts.find :all, :conditions => [["jobs.name
LIKE ?", 'Teacher%'], …
assuming that group has_many contacts
Fred
Jeffrey L. Taylor wrote:
> Quoting CoolAJ86 [email protected]:
> > [:jobs, :photos])
> :conditions =>
> "jobs.name LIKE 'Teacher%' AND group_id = #{current_contact.group}"
> HTH,
> Jeffrey
Passing a string to :conditions like this welcomes SQL injection attacks.
So can it be avoided and pass an array instead like in last post by
Fred? Am I right?
Sijo
> In general that is about it. In this particular case it looks like you
> could do
> current_contact.group.contacts.find :all, :conditions => [["jobs.name
> LIKE ?", 'Teacher%'], …
As I understand it, that won’t eager-load (join) groups, jobs, and
contacts together.
See, as I iterate through contacts I want to pull group and job
information without excess database calls.
Quoting Sijo Kg [email protected]:
> Passing a string to :conditions like this welcomes SQL injection attacks.
> So can it be avoided and pass an array instead like in last post by
> Fred? Am I right?
Only if current_contact.group is a string. I assumed that it is an
integer, in which case, no SQL injection attack is possible for this call.
Jeffrey
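
Added example, not part of any post in the thread and not ActiveRecord's own code: it compares the interpolated :conditions string with the placeholder form when the group value is an integer and when it is a string. The helpers bind_conditions, quote_value and strict_id and the sample inputs are hypothetical, written for this illustration.

```ruby
# Simplified stand-in for the array form of :conditions (not ActiveRecord's code):
# each ? is replaced by a quoted literal, so a value cannot turn into SQL syntax.
# Doubling single quotes is a simplification; real adapters quote per database.
def quote_value(value)
  case value
  when Integer then value.to_s
  when String  then "'" + value.gsub("'", "''") + "'"
  when nil     then "NULL"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

def bind_conditions(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "#{expected} placeholders, #{values.size} values"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# The string form from the thread: the value is pasted into the SQL text as-is.
def interpolated_conditions(group_id)
  "jobs.name LIKE 'Teacher%' AND group_id = #{group_id}"
end

# Strict coercion for a value that must be an integer before it is interpolated.
def strict_id(raw)
  Integer(raw)
rescue ArgumentError, TypeError
  raise ArgumentError, "group_id is not an integer: #{raw.inspect}"
end

TEMPLATE = "jobs.name LIKE ? AND group_id = ?"
CONSTRUCTED_INPUTS = [7, "7", "7 OR 1=1"] # constructed sample values

def demo
  CONSTRUCTED_INPUTS.map do |input|
    [interpolated_conditions(input), bind_conditions(TEMPLATE, "Teacher%", input)]
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |interp, bound| puts "interpolated: #{interp}", "bound:        #{bound}", "" }
end
```

With the integer 7 both forms produce the same condition; with the constructed string the interpolated form changes the structure of the WHERE clause, while the bound form keeps it as a single quoted literal.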