if @params[:pnumber] =~ /\s*p?(\d+)\s*/
  if student = Student.find_first(:conditions => ["pnumber like \":pnumber%\"",
                                                  {:pnumber => $1}])
    @borrower = student
  elsif emp = Employee.find_first(:condiwions => ["pnumber like \"?\"",
                                                  {:pnumber => $1}])
    @borrower = emp
  else
    @flash[:note] += "Nobody matching #{@params[:pnumber]}"
  end
end
in particular, the second if, then why would I get errors like:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
‘pnumber1234412341) LIMIT 1’ at line 1: SELECT * FROM students WHERE
(conditionspnumber like ":pnumber%"pnumber1234412341) LIMIT 1
which suggests that :pnumber is not being substituted, as per page
214 of “Agile Web Development with Rails”, even though it is in a
position where it would match /\b:pnumber\b/ – i.e. there can’t be
ambiguity about what it is [?].
Otherwise, how does one set up ‘select * where :this is like “that%”’
or even ‘like “%:that%”’ in a query?
Incidentally, I’m using MySQL 4.1.13 with Rails 0.14.3
Well in your second conditions clause you have ‘condiwions’ instead of
Oops! … Fixed. But I’m still getting the error
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘pnumber1234412341) LIMIT 1’ at line 1: SELECT * FROM students
WHERE (conditionspnumber like ":pnumber%"pnumber1234412341) LIMIT 1
Changing to single quotes (’) didn’t help – the error message takes
the same form
Employee.find(:first, :conditions => ['pnumber like ?', "%#{$1}%"])
The book says specifically NOT to do that because of SQL injection
attacks.
I was too quick with that!
No, that’s somewhat different. I’m not too clear on what advantage
is imparted by this form over the straight expansion of #{…} in
the query string itself, and whether that advantage still applies
when the expansion is done in the second array element. I will
have to look at the code I suppose.
The substituted parameter is quoted. You want the % surrounding the
parameter before it’s quoted. Therefore, add the % to the parameter
before binding it to :conditions.
jeremy
if @params[:pnumber] =~ /\s*p?(\d+)\s*/
  if student = Student.find_first(:conditions => ["pnumber like ?", "%#{$1}%"])
    @borrower = student
[…]
Now I get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘?%31313412%) LIMIT 1’ at line 1: SELECT * FROM students WHERE
(conditionspnumber like ?%31313412%) LIMIT 1
So I change it to this
if @params[:pnumber] =~ /\s*p?(\d+)\s*/
  if student = Student.find_first(:conditions => ["pnumber like :pn",
                                                  {:pn => "%#{$1}%"}])
    @borrower = student
and I get
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
‘:pnpn%31313412%) LIMIT 1’ at line 1: SELECT * FROM students WHERE
(conditionspnumber like :pnpn%31313412%) LIMIT 1
This doesn’t make any sense to me. It seems to be leaving the first
operand of the substitution in the query. This is still in development
mode, I should (perhaps) add w/ rails 0.14.3, ruby 1.8.2, Solaris9.
Yes, afterwards, by which time I’d written it the WRONG way just to
make some progress.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘?%31313412%) LIMIT 1’ at line 1: SELECT * FROM students WHERE
(conditionspnumber like ?%31313412%) LIMIT 1
That’s because Student.find_first expects a string for conditions.
Why? I thought the whole point of find_first(…) was that it was a
shorthand, mentally at least, for find(:first,…). IMHO if that is
not true, and the method will only accept a string, then it should
complain bitterly about getting an array.
OTOH, maybe there is something about this difference that I don’t
know which justifies this design.
Use Student.find(:first, :conditions => …)
That worked. I changed the logic a bit (as I get towards doing what I
need done):
if @params[:pnumber] =~ /\s*p?(\d+)\s*/
  student = Student.find(:first, :conditions => ["pnumber like :pn",
                                                 {:pn => "%%#{$1}%%"}])
  if student.nil?
    emp = Employee.find(:first, :conditions => ["pnumber like :pn",
                                                {:pn => "%%#{$1}%%"}])
    if emp.nil?
      flash[:borrower_error] = "No student or staff with pnumber #{$1}"
Note, I do need the double % signs for it to work correctly.
find_first is the old, deprecated method. It is not a shorthand.
Ah, that would be it.
It should complain loudly; sorry.
OK, next question: Is there a std way to reference threads on the
rails list given that unlike all the other ruby lists it doesn’t
have a /Message-count: \d+/ header? I’m wondering how to pass this
whole topic over to dev.rails… for the bug tracker.
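
Added example (not part of the thread, and not ActiveRecord's own code): a simplified stand-in for placeholder binding that shows why the % has to be part of the bound value, and what binding gives over interpolating #{...} into the SQL string. The helper names (quote, bind, escape_like, like_prefix_condition, interpolated_condition) are hypothetical, the quoting rule is a simplified MySQL-style assumption, and the example goes beyond the digits-only pnumber by also escaping LIKE wildcards in the input.

```ruby
# Added illustration, not ActiveRecord's implementation: simplified helpers
# (hypothetical names) that mimic what placeholder binding does to a value.

# Quote a value as a SQL string literal (simplified, MySQL-style assumption):
# double backslashes and single quotes, then wrap in single quotes.
def quote(value)
  "'" + value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" } + "'"
end

# Replace each ? in the template with the next value, quoted.
def bind(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  pending = values.dup
  template.gsub("?") { quote(pending.shift) }
end

# Escape LIKE metacharacters so user input only matches itself.
def escape_like(text)
  text.gsub(/[\\%_]/) { |c| "\\" + c }
end

# Prefix search: the wildcard is appended to the value BEFORE it is bound.
# `column` must be a trusted identifier; it is not quoted here.
def like_prefix_condition(column, user_input)
  bind("#{column} LIKE ?", escape_like(user_input) + "%")
end

# The form the book warns against: the value lands in the SQL unquoted.
def interpolated_condition(column, user_input)
  "#{column} LIKE '#{user_input}%'"
end

if __FILE__ == $0
  hostile = "x' OR '1'='1"   # constructed sample input
  puts bind("pnumber LIKE '?%'", "1234")            # % outside the value: broken
  puts like_prefix_condition("pnumber", "1234")     # % inside the value: works
  puts interpolated_condition("pnumber", hostile)   # quote ends the literal early
  puts like_prefix_condition("pnumber", hostile)    # quote is doubled, stays data
  puts like_prefix_condition("pnumber", "50%_")     # wildcards matched literally
end
```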