Fabulous search routine from RailsSpace but missing 'LIKE' strategy?

I’m having a wonderful time with the RailsSpace book and using their
‘browse’ example to fashion my queries.
Does anyone know how/if I can include a LIKE statement using this
strategy? I’ve been searching the web all day and find this is a non-
standard strategy as it seems to be open to SQL injection
attacks…thus I included the sanitize_sql methods to try to protect my
database. Anyway, here’s the great code to run this:

    def self.find_by_search(params)
      # Collect one SQL fragment per search field that was filled in.
      where = []
      where << sanitize_sql("zipcode = :zipcode") unless params[:zipcode].blank?
      where << sanitize_sql("city = :city") unless params[:city].blank?
      where << sanitize_sql("state = :state") unless params[:state].blank?
      where << sanitize_sql("county = :county") unless params[:county].blank?
      if where.empty?
        []
      else
        # The :name placeholders are bound from the params hash;
        # params[:order] is passed to ORDER BY as given.
        find(:all,
             :conditions => [where.join(" AND "), params],
             :order => params[:order])
      end
    end

If anyone has any ideas how I could utilize a LIKE verb, I’d be
grateful to hear.
Thanks,
Kathy
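
One way to add a LIKE condition to the search above while keeping the user's value a bind parameter, as an added example that is not part of the original post or RailsSpace's code. The helper names, the choice of `city` as the LIKE column, the `!` escape character and the default sort column are assumptions.

```ruby
# Added example: builds the :conditions / :order options for the search.
EXACT_COLUMNS = %w[zipcode state county].freeze      # compared with "="
LIKE_COLUMNS  = %w[city].freeze                       # compared with LIKE (assumed)
ORDER_COLUMNS = %w[zipcode city state county].freeze  # allowlist for ORDER BY

# Escape the LIKE wildcards (% and _) and the escape character itself,
# so the user's text only ever matches literally.
def escape_like(value)
  value.to_s.gsub(/[!%_]/) { |m| "!" + m }
end

# Returns nil when no field was filled in, otherwise a hash of
# :conditions (SQL with :name placeholders plus bind values) and :order.
def build_search(params)
  where = []
  binds = {}
  EXACT_COLUMNS.each do |col|
    value = params[col.to_sym].to_s.strip
    next if value.empty?
    where << "#{col} = :#{col}"
    binds[col.to_sym] = value
  end
  LIKE_COLUMNS.each do |col|
    value = params[col.to_sym].to_s.strip
    next if value.empty?
    # The wildcards go into the bound value, never into the SQL text.
    where << "#{col} LIKE :#{col} ESCAPE '!'"
    binds[col.to_sym] = "%#{escape_like(value)}%"
  end
  return nil if where.empty?
  # ORDER BY cannot be a bind value, so accept known column names only.
  requested = params[:order].to_s
  order = ORDER_COLUMNS.include?(requested) ? requested : "zipcode"
  { :conditions => [where.join(" AND "), binds], :order => order }
end

# Constructed sample input (not from the original post).
sample = { :city => "50%_off", :state => "CA", :order => "city; DROP TABLE x" }
p build_search(sample)
```

Inside the model method the result would be used as `opts = build_search(params)` followed by `opts ? find(:all, opts) : []`.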
