Controller code mysteries


#1

In my controller…this code works

def list2
  first_name = params[:client][:first_name]
  @myclients = Client.find(:all, :conditions =>
    ["first_name = :first_name", {:first_name => first_name}])
end

this code doesn’t…

def list2
  first_name = params[:client][:first_name]
  if first_name
    searchstring = '["first_name = :first_name", {:first_name => first_name}]'
  end

  @myclients = Client.find(:all, :conditions => searchstring)

end

it results in error…

RuntimeError: ERROR C42601 Msyntax error at or near
"[" P30 Fscan.l L573
Ryyerror: SELECT * FROM clients WHERE (["first_name = :first_name",
{:first_name => first_name}])

Why or more specifically, how do I accomplish this since I want to test
each field from the search form for presence of field data and string
this together for an ‘or’ type search.

Craig


#2

Try parameterizing your queries. It protects against SQL injection
attacks:

@foo = Client.find(:all, :conditions => ['first_name = ?', some_variable])

I think this will serve you better. I’m writing this code out of my
head, so you may need to relook the syntax.


#3

Hi,

On 03/02/06, Craig W. removed_email_address@domain.invalid wrote:

Try this:

def list2
  first_name = params[:client][:first_name]
  if first_name
    conditions = ["first_name = :first_name", {:first_name => first_name}]
  end

  @myclients = Client.find(:all, :conditions => conditions)
end

There is no magical evaluation of string into array. If it expects an
array you have to give it an array. A string with ruby syntax
describing an array won’t do.
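
An added example, not part of any post in this thread: one way to build the 'or' search across several form fields that post #1 asks for, using the placeholder form from #2 and a real array as in #3. SEARCHABLE, build_or_conditions and the sample hash are hypothetical names and data; the column list is an assumption about the clients table.

```ruby
# Added example (not from the thread): build a :conditions array for an
# OR search over whichever form fields were filled in.

# Column names cannot be bound as parameters, so they come from a fixed
# allowlist (assumed columns) and never from the request itself.
SEARCHABLE = %w[first_name last_name city].freeze

# Returns ["col = ? OR col = ?", value, value] for every allowlisted field
# that is present and non-blank, or nil when nothing was filled in.
def build_or_conditions(form)
  clauses = []
  binds = []
  SEARCHABLE.each do |column|
    # Empty text fields are submitted as "", not nil, so test for blank.
    value = (form || {})[column.to_sym].to_s.strip
    next if value.empty?
    clauses << "#{column} = ?"   # SQL fragment holds a placeholder only
    binds << value               # user input travels separately as a bind
  end
  return nil if clauses.empty?   # caller decides what an empty search means
  [clauses.join(" OR "), *binds]
end

# Constructed sample input standing in for params[:client].
sample = { :first_name => "Craig", :last_name => "", :city => "O'Brien" }
conditions = build_or_conditions(sample)
p conditions
# In the controller: @myclients = Client.find(:all, :conditions => conditions)
```

The quote in the sample value never reaches the SQL text; only the allowlisted column names and `?` placeholders do.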


#4

On Fri, 2006-02-03 at 19:50 +0100, Łukasz Piestrzeniewicz wrote:

There is no magical evaluation of string into array. If it expects an
array you have to give it an array. A string with ruby syntax
describing an array won’t do.


I see…said the blind man.

Thanks Lukasz, Steve, Andrej…that makes perfect sense to me now…I of
course simply see the same language…rails sees the objects.

Craig