Value isn't appended in puts statement(appears on next line)

mrmaster · September 17, 2009, 8:51pm

Hello,

I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line.
I have am completely lost and would appreciate the help. Thanks

File.open(“directory”) do |file|
while somedigit = file.gets
puts “SQL STATEMENT I MADE UP =’”+somedigit+"’"
end
end

OUTPUT:

SQL STATEMENT I MADE UP ='000017383712
’
SQL STATEMENT I MADE UP ='000017383738
’
SQL STATEMENT I MADE UP ='000017384033
’
SQL STATEMENT I MADE UP ='000053598777
’

OUTPUT should look
like:-------------------------------------------------
SQL STATEMENT I MADE UP =‘000017383712’
SQL STATEMENT I MADE UP =‘000017383738’
SQL STATEMENT I MADE UP =‘000017384033’
SQL STATEMENT I MADE UP =‘000053598777’

mrmaster · September 17, 2009, 9:02pm

On Thu, Sep 17, 2009 at 8:51 PM, Mrmaster M.
[email protected] wrote:

Hello,

I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line.
I have am completely lost and would appreciate the help. Thanks

File.open(“directory”) do |file|
while somedigit = file.gets

               p somedigit

           puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
   end

end

I think this will give you a clue on what’s going on, and how to move
on:

File.open(“directory”) do |file|
while somedigit = file.gets
somedigit.chomp!
puts “SQL STATEMENT I MADE UP ='”+somedigit+“'”
end
end

In summary, gets returns the \n at the end of the line, so you should
remove it.

Hope this helps,

Jesus.

mrmaster · September 17, 2009, 9:12pm

Jesus you are awesome, your solution worked great. Thank you for the
help.

mrmaster · September 17, 2009, 10:16pm

Gary W. wrote:

On Sep 17, 2009, at 3:01 PM, Jesï¿½s Gabriel y Galï¿½n wrote:
           puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
A more idiomatic version of that would be:
            puts "SQL STATEMENT I MADE UP '#{somedigit}'"
Gary W.

Hi Gary,

I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n

mrmaster · September 17, 2009, 9:40pm

On Sep 17, 2009, at 3:01 PM, Jesús Gabriel y Galán wrote:

           puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"

A more idiomatic version of that would be:

            puts "SQL STATEMENT I MADE UP '#{somedigit}'"

Gary W.

mrmaster · September 17, 2009, 10:31pm

On Thu, Sep 17, 2009 at 10:16 PM, Mrmaster M.
[email protected] wrote:

Hi Gary,

I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n

Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.

Jesus.

mrmaster · September 17, 2009, 10:36pm

JesÃºs Gabriel y GalÃ¡n wrote:

On Thu, Sep 17, 2009 at 10:16 PM, Mrmaster M.
[email protected] wrote:

Hi Gary,

I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n

Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.

Jesus.

Your right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.

mrmaster · September 17, 2009, 11:18pm

On Sep 17, 2009, at 4:36 PM, Mrmaster M. wrote:

Your right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have
to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.

My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be very careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren’t
careful (e.g. xkcd: Exploits of a Mom).

Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.

For example in Rails:
:conditions => [‘name = ?’, name]
vs.
:conditions => “name = ‘#{name}’”

Gary W.

mrmaster · September 17, 2009, 11:31pm

Gary W. wrote:

On Sep 17, 2009, at 4:36 PM, Mrmaster M. wrote:

Your right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have
to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.

My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be very careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren’t
careful (e.g. xkcd: Exploits of a Mom).

Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.

For example in Rails:
:conditions => [‘name = ?’, name]
vs.
:conditions => “name = ‘#{name}’”

Gary W.

The sql statements that I write are mostly basic. I was not aware of sql
injection. I’ve heard the term but haven’t done much research into it.
I’ll definitely research more into it. Thanks for the great advice.

mrmaster · September 18, 2009, 3:17am

At 2009-09-17 03:01PM, “Jesús Gabriel y Galán” wrote:

File.open(“directory”) do |file|
while somedigit =3D file.gets
somedigit.chomp!
puts “SQL STATEMENT I MADE UP =3D’”+somedigit+"’"
end
end

In summary, gets returns the \n at the end of the line, so you should remov=
e it.

This form of file reading is somewhat more succinct:

File.foreach('filename') do |line|
  line.chomp
  line.do_something_with_me
end

mrmaster · September 18, 2009, 12:00am

Mrmaster M.:

The sql statements that I write are mostly basic. I was not aware of
sql injection. I’ve heard the term but haven’t done much research into
it. I’ll definitely research more into it.

Uh-oh. In this case a good overview and starting point
might be SQL injection - Wikipedia

â€” Shot

mrmaster · September 18, 2009, 3:38am

Hi –

On Fri, 18 Sep 2009, Glenn J. wrote:

This form of file reading is somewhat more succinct:

File.foreach(‘filename’) do |line|
line.chomp
line.do_something_with_me
end

You’ll need chomp! though (or line.chomp.do_something).

David

mrmaster · September 19, 2009, 8:35am

On Sep 17, 2009, at 17:59, Shot (Piotr S.) wrote:

Uh-oh. In this case a good overview and starting point
might be SQL injection - Wikipedia

You only really need to worry about SQL injection if you’re getting
the data from an untrusted source. If you’re building a web app and
are getting data from a text box on a web site, you’re at extreme
risk. If you’re only building a personal tool that won’t be deployed
anywhere interesting, you’re only at a mild risk.

Still, it’s good practice to never build executable / SQL statements
by concatenation or interpolation, and instead use placeholders and
parameter binding, as in the DBI module:

dbh.do(“INSERT INTO people (id, name, height) VALUES(?, ?, ?)”, nil,
“Na’il”, 76)
Ben