In my controller…this code works
def list2
first_name = params[:client][:first_name]
@myclients = Client.find(:all, :conditions =>
[“first_name = :first_name”, {:first_name => first_name}])
end
this code doesn’t…
def list2
first_name = params[:client][:first_name]
if first_name
searchstring = ‘[“first_name = :first_name”, {:first_name =>
first_name}]’
end
@myclients = Client.find(:all, :conditions => searchstring)
end
it results in error…
RuntimeError: ERROR C42601 Msyntax error at or near
“[” P30 Fscan.l L573
Ryyerror: SELECT * FROM clients WHERE ([“first_name = :first_name”,
{:first_name => first_name}])
Why or more specifically, how do I accomplish this since I want to test
each field from the search form for presence of field data and string
this together for an ‘or’ type search.
Craig
Try parameterizing your queries. It protects against sql injection
attacks:
@foo = Client.find(:all, :conditions => [‘first_name = ?’,
some_variable])
I think this will serve you better. I’m writing this code out of my
head, so
you may need to relook the syntax.
Hi,
On 03/02/06, Craig W. [email protected] wrote:
end
Try this:
def list2
first_name = params[:client][:first_name]
if first_name
conditions = [“first_name = :first_name”, {:first_name =>
first_name}]
end
@myclients = Client.find(:all, :conditions => conditions)
end
There is no magical evaluation of string into array. If it expects an
array you have to give it an array. A string with ruby syntax
describing an array won’t do.
On Fri, 2006-02-03 at 19:50 +0100, Åukasz Piestrzeniewicz wrote:
end
first_name}]
end
@myclients = Client.find(:all, :conditions => conditions)
end
There is no magical evaluation of string into array. If it expects an
array you have to give it an array. A string with ruby syntax
describing an array won’t do.
I see…said the blind man.
Thanks Lukasz, Steve, Andrej…that makes perfect sense to me now…I of
course simply see the same language…rails sees the objects.
Craig