Sanitize SQL?

I have the following code in my model, that executes a stored procedure:

    connection.execute "exec PS_SaveData ?, ?, ?, ?, ?, ?, ?, ?, ?, 

?,
?, ?, ?, ?, ?",
day.to_s, crew_leader.to_s,
dayshiftyn.to_s,
numtrucks.to_s,
numrounds.to_s, numdigouts.to_s,
shuttlebuggyyn.to_s, notes.to_s,
jobid.to_s, sequence.to_s, material.to_s,
oil.to_s, tons.to_s,
plant.to_s, site.to_s

It doesn’t work, because connection.execute just wants the SQL string to
be
passed to it. I’m also looking at this code in ActiveRecord::Base, in an
attempt to see how Rails sanitizes sql…

581: def find_by_sql(sql)
582: connection.select_all(sanitize_sql(sql), “#{name}
Load”).collect! { |record| instantiate(record) }
583: end

But I’m not sure how to apply it to my code above. Help?

TIA,

• Clinton

On 27 Aug 2008, at 19:16, “Clinton Judy” [email protected]
wrote:

                           jobid.to_s, sequence.to_s,  

582: connection.select_all(sanitize_sql(sql), “#{name}
Load”).collect! { |record| instantiate(record) }

583: end

But I’m not sure how to apply it to my code above. Help?

The sanitize_sql function just wants an array whose first element is
an SQL fragment and the following ones the variables to be inserted.

Fred

Thanks! I got it working here.

    sql = ["exec PS_SaveData ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 

?,
?",
day.to_s, crew_leader.to_s, dayshiftyn.to_s,
numtrucks.to_s,
numrounds.to_s, numdigouts.to_s, shuttlebuggyyn.to_s,
notes.to_s,
jobid.to_s, sequence.to_s, material.to_s, oil.to_s,
tons.to_s,
plant.to_s, site.to_s]

    connection.execute(sanitize_sql(sql))

On Wed, Aug 27, 2008 at 2:41 PM, Frederick C. <