Using ruby variables with ruby/mysql

How do you put whats in a variable into a column
in a ruby/mysql database?

I thought you could just put the variable name in
an INSERT statement?

but ‘@mytext’ puts in @mydata literally into the db.
and @mytext gives an error message.
I also tried mytext

sample code
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’,
@mytext)”)

tags: ruby/mysql, variables, ruby, databases

Mer G. wrote:

sample code
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’,
@mytext)”)

tags: ruby/mysql, variables, ruby, databases


Posted via http://www.ruby-forum.com/.

“#{@mytext}” will substitute the value of @mytext into the string.
Note that this only works for double quoted strings…

_Kevin

“#{@mytext}” will substitute the value of @mytext into the string.
Note that this only works for double quoted strings…

_Kevin

Sorry, what do you mean?

I want to put the variable mytest’s contents into a database.
The contents of the variable wouldnt have any quotes on them.

Do you mean I used “#{@mytext}” in the insert statement?

Mer G. wrote:

Do you mean I used “#{@mytext}” in the insert statement?


Posted via http://www.ruby-forum.com/.

like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)

although I’d wager that since you aren’t using ActiveRecord that there
is probably a much easier way to accomplish your goal

_Kevin

_Kevin wrote:

Mer G. wrote:

Do you mean I used “#{@mytext}” in the insert statement?


Posted via http://www.ruby-forum.com/.

like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)

although I’d wager that since you aren’t using ActiveRecord that there
is probably a much easier way to accomplish your goal

_Kevin

My transations should be very simple. reading, copying to variables and
writing. But do i need to add a gem for activerecord? I might take a
look at it in case i need to implement it.

Mer G. wrote:

like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)

Not seeing the data in the table after applying this. Something is
wrong.

You would need
“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’, ‘#{@mytext}’)”

This does however leave you open to all sorts of sql injection nasties

Fred

like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)

Not seeing the data in the table after applying this. Something is
wrong.

Frederick C. wrote:

Mer G. wrote:

like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)

Not seeing the data in the table after applying this. Something is
wrong.

You would need
“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’, ‘#{@mytext}’)”

This does however leave you open to all sorts of sql injection nasties

Fred

I was thinking of just being strict with what i allow in. Testing it
when it comes in and removing brackets and things. maybe some banded
words like the sql main words. Is there another recommended way though.
This shouldnt end up being online but it will be public.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs