I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line?
I am completely lost and would appreciate the help. Thanks
File.open("directory") do |file|
  while somedigit = file.gets
    puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
  end
end
OUTPUT:
SQL STATEMENT I MADE UP ='000017383712
'
SQL STATEMENT I MADE UP ='000017383738
'
SQL STATEMENT I MADE UP ='000017384033
'
SQL STATEMENT I MADE UP ='000053598777
'
OUTPUT should look like:
SQL STATEMENT I MADE UP ='000017383712'
SQL STATEMENT I MADE UP ='000017383738'
SQL STATEMENT I MADE UP ='000017384033'
SQL STATEMENT I MADE UP ='000053598777'
On Thu, Sep 17, 2009 at 8:51 PM, Mrmaster M. wrote:
Hello,
I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line?
I am completely lost and would appreciate the help. Thanks
File.open("directory") do |file|
  while somedigit = file.gets
    p somedigit
    puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
  end
end
I think this will give you a clue on what’s going on, and how to move
on:
File.open("directory") do |file|
  while somedigit = file.gets
    somedigit.chomp!
    puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
  end
end
In summary, gets returns the \n at the end of the line, so you should
remove it.
On Thu, Sep 17, 2009 at 10:16 PM, Mrmaster M. wrote:
Hi Gary,
I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n
Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.
Jesus.
You're right, and sorry about that, Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into SQL statements and string interpolation is definitely a
better and cleaner approach.
My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be very careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren’t
careful (e.g. http://xkcd.com/327/).
Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.
For example in Rails:
:conditions => ['name = ?', name]
vs.
:conditions => "name = '#{name}'"
Gary W.
The sql statements that I write are mostly basic. I was not aware of sql
injection. I’ve heard the term but haven’t done much research into it.
I’ll definitely research more into it. Thanks for the great advice.
You only really need to worry about SQL injection if you’re getting
the data from an untrusted source. If you’re building a web app and
are getting data from a text box on a web site, you’re at extreme
risk. If you’re only building a personal tool that won’t be deployed
anywhere interesting, you’re only at a mild risk.
Still, it’s good practice to never build executable / SQL statements
by concatenation or interpolation, and instead use placeholders and
parameter binding, as in the DBI module:
dbh.do("INSERT INTO people (id, name, height) VALUES(?, ?, ?)", nil, "Na'il", 76)
Ben
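Added example, not part of any post in this thread: it combines the two points raised above, stripping the line terminator that `gets` keeps and passing each value as a bind parameter instead of interpolating it. The table and column names, the helper names and the sample input are assumptions made for illustration.

```ruby
require "stringio"

# The statement text is a constant; values travel separately as bind parameters.
# Table and column names are hypothetical.
SQL = "SELECT * FROM accounts WHERE account_no = ?".freeze

# Allow-list for the identifiers shown in the thread: digits only.
# \A and \z anchor the whole string; ^ and $ would also match around a "\n".
ID_FORMAT = /\A\d+\z/

# Reads one value per line and returns [accepted, rejected].
# accepted: [SQL, [value]] pairs to hand to a driver's placeholder API
#           (for instance the dbh.do call quoted in the thread)
# rejected: [line_number, raw_line] pairs that failed the allow-list
def bind_sets(io)
  accepted = []
  rejected = []
  io.each_line.with_index(1) do |raw, lineno|
    value = raw.chomp      # each_line/gets keep the trailing "\n" or "\r\n"
    next if value.empty?   # skip blank lines
    if value.match?(ID_FORMAT)
      accepted << [SQL, [value]]
    else
      rejected << [lineno, raw]
    end
  end
  [accepted, rejected]
end

# The interpolated form discussed in the thread, kept only for comparison.
def interpolated(value)
  "SELECT * FROM accounts WHERE account_no = '#{value}'"
end

# True when the statement text contains an even number of single quotes.
def quotes_balanced?(sql)
  sql.count("'").even?
end

# Constructed sample input: two IDs from the thread (one with a CRLF ending),
# a blank line, and the apostrophe-containing name from the DBI example.
SAMPLE = "000017383712\n000017383738\r\n\nNa'il\n".freeze

if __FILE__ == $PROGRAM_NAME
  ok, bad = bind_sets(StringIO.new(SAMPLE))
  ok.each  { |sql, binds| puts "#{sql}  binds=#{binds.inspect}" }
  bad.each { |n, raw| warn "line #{n} rejected: #{raw.inspect}" }
  puts "interpolated quotes balanced? #{quotes_balanced?(interpolated("Na'il"))}"
end
```

With placeholders the statement text is identical for every input, so a stray newline or apostrophe in the file can only change the bound value, never the structure of the SQL.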