How do you put whats in a variable into a column
in a ruby/mysql database?
I thought you could just put the variable name in
an INSERT statement?
but ‘@mytext’ puts in @mydata literally into the db.
and @mytext gives an error message.
I also tried mytext
sample code
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’,
@mytext)”)
tags: ruby/mysql, variables, ruby, databases
Mer G. wrote:
sample code
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’,
@mytext)”)tags: ruby/mysql, variables, ruby, databases
–
Posted via http://www.ruby-forum.com/.
“#{@mytext}” will substitute the value of @mytext into the string.
Note that this only works for double quoted strings…
_Kevin
“#{@mytext}” will substitute the value of @mytext into the string.
Note that this only works for double quoted strings…_Kevin
Sorry, what do you mean?
I want to put the variable mytest’s contents into a database.
The contents of the variable wouldnt have any quotes on them.
Do you mean I used “#{@mytext}” in the insert statement?
Mer G. wrote:
Do you mean I used “#{@mytext}” in the insert statement?
–
Posted via http://www.ruby-forum.com/.
like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)
although I’d wager that since you aren’t using ActiveRecord that there
is probably a much easier way to accomplish your goal
_Kevin
_Kevin wrote:
Mer G. wrote:
Do you mean I used “#{@mytext}” in the insert statement?
–
Posted via http://www.ruby-forum.com/.like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)although I’d wager that since you aren’t using ActiveRecord that there
is probably a much easier way to accomplish your goal_Kevin
My transations should be very simple. reading, copying to variables and
writing. But do i need to add a gem for activerecord? I might take a
look at it in case i need to implement it.
Mer G. wrote:
like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)Not seeing the data in the table after applying this. Something is
wrong.
You would need
“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’, ‘#{@mytext}’)”
This does however leave you open to all sorts of sql injection nasties
Fred
like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)
Not seeing the data in the table after applying this. Something is
wrong.
Frederick C. wrote:
Mer G. wrote:
like this…
res = dbh.query(“INSERT INTO word (u, up, temp) VALUES(‘check’,
‘check’,
#{@mytext})”)Not seeing the data in the table after applying this. Something is
wrong.You would need
“INSERT INTO word (u, up, temp) VALUES(‘check’, ‘check’, ‘#{@mytext}’)”This does however leave you open to all sorts of sql injection nasties
Fred
I was thinking of just being strict with what i allow in. Testing it
when it comes in and removing brackets and things. maybe some banded
words like the sql main words. Is there another recommended way though.
This shouldnt end up being online but it will be public.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs