I want to do something like this in Rails:
“SELECT *, COUNT(post_id) AS total FROM comments … conditions”
Is that SELECT possible in Rails? Otherwise, I can use find_by_sql, but
I’m trying to avoid SQL injection and this SQL needs a parameter. Is
there a way to sanitize this parameter?
I’ll appreciate any help
On Feb 5, 2:09 pm, John S. wrote:
> I want to do something like this in Rails:
> “SELECT *, COUNT(post_id) AS total FROM comments … conditions”
> Is that SELECT possible in Rails? Otherwise, I can use find_by_sql, but
> I’m trying to avoid SQL injection and this SQL needs a parameter. Is
> there a way to sanitize this parameter?
> I’ll appreciate any help
> Posted via http://www.ruby-forum.com/.
“You can use the same string replacement techniques as you can with
ActiveRecord#find.”
Alternatively, does :select => “*, COUNT(post_id) AS total” in your
Comments.find work?
Thanks a lot, find_by_sql worked! I tried to do the same, but I did not
use the [ ]. I tried :select => … also before asking, but that did not
work.
pharrington wrote:
> On Feb 5, 2:09 pm, John S. wrote:
> > I want to do something like this in Rails:
> > “SELECT *, COUNT(post_id) AS total FROM comments … conditions”
> > Is that SELECT possible in Rails? Otherwise, I can use find_by_sql, but
> > I’m trying to avoid SQL injection and this SQL needs a parameter. Is
> > there a way to sanitize this parameter?
> > I’ll appreciate any help
> > Posted via http://www.ruby-forum.com/.
> “You can use the same string replacement techniques as you can with
> ActiveRecord#find.”
> ActiveRecord::Base
> Alternatively, does :select => “*, COUNT(post_id) AS total” in your
> Comments.find work?
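
The difference the [ ] makes in the thread above, as an added example that is not part of the original posts: a simplified pure-Ruby model of "?" placeholder binding, not ActiveRecord's own code. The helper names (quote_value, bind_placeholders, interpolated, bound), the WHERE post_id condition and the sample parameter are assumptions made for illustration.

```ruby
# Simplified model of "?" placeholder binding, for illustration only.
# In a Rails app, pass the array to find_by_sql and let the adapter quote.

# Hypothetical helper: render one value as a SQL literal
# (standard SQL doubling of single quotes inside strings).
def quote_value(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Hypothetical helper: replace each "?" with the quoted form of the next value.
def bind_placeholders(sql, *values)
  expected = sql.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind values (#{values.size} for #{expected})"
  end
  remaining = values.dup
  sql.gsub("?") { quote_value(remaining.shift) }
end

# The thread's query with an assumed condition on post_id.
BASE = "SELECT *, COUNT(post_id) AS total FROM comments WHERE post_id = "

# Without the [ ]: the parameter becomes part of the statement text.
def interpolated(post_id)
  "#{BASE}#{post_id}"
end

# With the [ ], as in find_by_sql([sql, post_id]): the value is quoted as data.
def bound(post_id)
  bind_placeholders("#{BASE}?", post_id)
end

# Constructed request parameter that carries SQL instead of a plain id.
SAMPLE_PARAM = "1 OR 1=1"

if __FILE__ == $PROGRAM_NAME
  puts interpolated(SAMPLE_PARAM)
  puts bound(SAMPLE_PARAM)
end
```

In the interpolated statement the parameter's OR clause becomes part of the WHERE condition; in the bound statement the whole parameter is a single quoted literal compared against post_id.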