Sanitizing text before inserting

Hi All,
I am not aware of how many times this question might have popped up and
how many would have answered, but googling for this did not satisfy me.
The issue that I am facing in one of my Rails applications is that I am
entering data into a different database. I am using the following
connection.insert method of the ActiveRecord Base:

model_name.connection.insert("INSERT INTO
another_database.some_table (columns) VALUES ()")

This works fine till the point that no special characters are used. If
the user tries to insert a ' (single quote) or a " (double quote), the
insert fails.

I brushed through the API and found that they use the protected class
method of ‘sanitize_sql_array’ etc.

One possible way is to do a gsub and replace the ’ with /’ but I wanted
to know if there is any method in Ruby or Rails that could sanitize the
text before entering it into the database.

On 6 May 2008, at 11:18, jazzy jazzy wrote:

model_name.connection.insert("INSERT INTO
another_database.some_table (columns) VALUES ()")

You’ll be a lot easier off if you create a model configured to use
that other database connection. If that is truly impossible,
connection.quote should help you.
sanitize_sql etc… are protected methods, but that means it’s fine to
call them from a descendant of ActiveRecord (and I really hope you
haven’t got that in a controller)

Fred
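
The connection.quote approach Fred mentions, as an added example that is not part of the original thread. StubConnection, raw_insert_sql, quoted_insert_sql and string_literals are hypothetical names; the stub stands in for model_name.connection so the code runs without a database, and its quoting rule is an assumption. The unterminated literal that makes the insert fail is the same flaw that allows SQL injection.

```ruby
# Added example. StubConnection is a hypothetical stand-in for
# model_name.connection. Its quoting rule (double every ' and \) is an
# assumption; a real adapter applies its own.
class StubConnection
  def quote(value)
    case value
    when nil     then "NULL"
    when Numeric then value.to_s
    else "'" + value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''") + "'"
    end
  end
end

# What fails in the thread: the value is pasted between quotes as-is.
def raw_insert_sql(table, column, value)
  "INSERT INTO #{table} (#{column}) VALUES ('#{value}')"
end

# Every value passes through connection.quote before it reaches the SQL.
def quoted_insert_sql(conn, table, attrs)
  values = attrs.values.map { |v| conn.quote(v) }
  "INSERT INTO #{table} (#{attrs.keys.join(', ')}) VALUES (#{values.join(', ')})"
end

# Returns the string literals a MySQL-style parser would read from sql,
# or nil when one is left unterminated (the reported syntax error).
def string_literals(sql)
  literals, pos = [], 0
  while (start = sql.index("'", pos))
    buf, j = String.new, start + 1
    until sql[j] == "'" && sql[j + 1] != "'"
      return nil if j >= sql.length          # ran off the end: unterminated
      step = (sql[j] == "\\" || sql[j, 2] == "''") ? 2 : 1
      buf << sql[j + step - 1].to_s          # keep the escaped character
      j += step
    end
    literals << buf
    pos = j + 1
  end
  literals
end

if __FILE__ == $0
  name = %q{O'Brien said "hi"}               # constructed sample input
  p string_literals(raw_insert_sql("some_table", "name", name))
  puts quoted_insert_sql(StubConnection.new, "some_table", { name: name })
end
```

In the application the same pattern is model_name.connection.quote(value) interpolated into the statement, with no surrounding quotes added by hand.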

Hey Fred thanks for your response.

Frederick C. wrote:

On 6 May 2008, at 11:18, jazzy jazzy wrote:

model_name.connection.insert("INSERT INTO
another_database.some_table (columns) VALUES ()")

You’ll be a lot easier off if you create a model configured to use
that other database connection.

That is a good option. But I am new to Rails and getting confused with
the establish_connection of the ActiveRecordBase.

It would be great if you could give me an example of how to use it, since
I am confused about where to use it, in the controller or the model.

If that is truly impossible, connection.quote should help you.

Could you also give a small example of how to use it?

Thanks
Vinay

What flavour of database are you using?

vanderkerkoff wrote:

What flavour of database are you using?

MySql Server 5.0

Jazzy, why don’t you use UTF8 encoding?

On May 6, 2008, at 7:38 AM, jazzy jazzy wrote:

that other database connection.

That is a good option. But I am new to Rails and getting confused with
the establish_connection of the ActiveRecordBase.

It would be great if you could give me an example of how to use it, since
I am confused about where to use it, in the controller or the model.

It is in the Model. Here’s an example:

class LegacyModel < ActiveRecord::Base
  establish_connection "legacy" if
    RAILS_ENV == 'production' && configurations.has_key?('legacy')
end

The argument (“legacy”) refers to a named configuration in your
database.yml file. In this case the conditional I have lets me have
normal development and test connections to a single database, but in
production, the “legacy” database connection will be used. If you
always connected a particular model to a different database, you’d
need only:

class AnotherDatabaseModel < ActiveRecord::Base
  establish_connection "another_database"
end

If you have many models that live in another database, you can:

class SomeModel < AnotherDatabaseModel
  # I will inherit the connection
end

class OnceMoreModel < AnotherDatabaseModel
  # I will inherit the connection, too
end

-Rob

Rob B. http://agileconsultingllc.com