Here’s the situation: I’m writing a Rails app that connect to a SQL
Server DB via the ODBC adapter. As an outside, non-negotiable
requirement, and writes to the DB must be performed using stored
procedures. (I know, I know… it sucks).
When constructing the query string, how do I go about escaping the
parameters I want to insert.
My first thought was Rail’s parameterization of query strings:
Model.connection.execute [“EXECUTE dumb_sp ‘?’,’?’,’?’”, a, b, c]
No luck, execute doesn’t accept that, it will only accept a string.
Am I stuck with gsubbing all those strings or is there away to compile
the array form to a query that I could use?