SQL injection

I want to create an SQL condition like "date=? AND
published=?", date, published, like I can do in the :conditions => hash, but
find a method for doing it in a standalone string; I mean outside find
sql or :conditions. How can I do that?
Thanks in advance.

Is this what you want?

sql = "date = #{date} AND published=#{published}"

Use the methods 'quote' or 'sanitize'.

I just got done reviewing some of the info in the ferret wiki. It looks
some great work - thanks!

I’m building an app that is going have some search capability and I was
on using mysql with fulltext searches, but looking at ferret has got me
wondering if there might not be a better way.

Specifically, I was wondering about the idea of using an in memory index
increasing the speed of searches.

The data I’m storing will be most utilized when it is relatively new.
After it’s a few days old, people won’t need it as much. So putting all this data
in the same database may not make sense (if it’s relatively easy to split it
‘fresh’ and ‘stale’ databases).

Would it make sense to consider using an in-memory cache of documents
for the newest data while having a disk-based index for when people want to
search for older documents? Or would the performance gains not be worth the effort?


:conditions => ["date = ? and published = ?", date, published]

I wanted to mean, how can I make this replacement except using
outside the query.
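
The difference between the interpolated string and the `?` form discussed in this thread, as an added example that is not part of any poster's message and is not Rails' own code. `quote_value` and `bind_conditions` are hypothetical helpers that assume MySQL-style string escaping; in a Rails app, `ActiveRecord::Base.connection.quote` or `ActiveRecord::Base.sanitize_sql_array` does this with the adapter's real rules.

```ruby
require 'date'

# Hypothetical helper: render one Ruby value as a SQL literal.
# Assumption: MySQL-style escaping, where backslash is an escape character.
def quote_value(value)
  case value
  when nil            then 'NULL'
  when true           then 'TRUE'
  when false          then 'FALSE'
  when Integer, Float then value.to_s
  when Date           then "'#{value.strftime('%Y-%m-%d')}'"
  else
    # Double backslashes first, then double embedded single quotes.
    escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''")
    "'#{escaped}'"
  end
end

# Hypothetical helper: replace each ? in the template with a quoted value,
# in order, producing a standalone condition string.
def bind_conditions(template, *values)
  expected = template.count('?')
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{expected})"
  end
  remaining = values.dup
  # gsub scans only the original template, so a '?' inside a value
  # is never treated as another placeholder.
  template.gsub('?') { quote_value(remaining.shift) }
end

# Constructed sample values: a date and an untrusted string.
date      = Date.new(2006, 5, 1)
published = "1' OR '1'='1"

# Plain interpolation: the value becomes part of the SQL syntax.
interpolated = "date = #{date} AND published=#{published}"
# Placeholder binding: the value stays inside one quoted literal.
bound = bind_conditions('date = ? AND published = ?', date, published)

puts interpolated
puts bound
```

With the interpolated string the `OR` inside the value is parsed as SQL, and the date is not quoted at all; with binding the whole value is compared as a single string.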