How do you put what's in a variable into a column in a ruby/mysql database?

I thought you could just put the variable name in an INSERT statement?

But '@mytext' puts in @mydata literally into the db, and @mytext gives an error message. I also tried mytext.

Sample code:
res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', @mytext)")

tags: ruby/mysql, variables, ruby, databases

--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk

Mer Gilmartin wrote:
> How do you put what's in a variable into a column
> in a ruby/mysql database?
>
> I thought you could just put the variable name in
> an INSERT statement?
>
> But '@mytext' puts in @mydata literally into the db,
> and @mytext gives an error message.
> I also tried mytext.
>
> Sample code:
> res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', @mytext)")
>
> tags: ruby/mysql, variables, ruby, databases

"#{@mytext}" will substitute the value of @mytext into the string. Note that this only works for double quoted strings...

_Kevin

> "#{@mytext}" will substitute the value of @mytext into the string.
> Note that this only works for double quoted strings...
>
> _Kevin

Sorry, what do you mean?

I want to put the variable mytest's contents into a database. The contents of the variable wouldn't have any quotes on them.

Do you mean I used "#{@mytext}" in the insert statement?

Mer Gilmartin wrote:
> > "#{@mytext}" will substitute the value of @mytext into the string.
> > Note that this only works for double quoted strings...
> >
> > _Kevin
>
> Sorry, what do you mean?
>
> I want to put the variable mytest's contents into a database.
> The contents of the variable wouldn't have any quotes on them.
>
> Do you mean I used "#{@mytext}" in the insert statement?

like this...
res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', #{@mytext})")

although I'd wager that since you aren't using ActiveRecord that there is probably a much easier way to accomplish your goal

_Kevin

_Kevin wrote:
> Mer Gilmartin wrote:
>> Do you mean I used "#{@mytext}" in the insert statement?
>
> like this...
> res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', #{@mytext})")
>
> although I'd wager that since you aren't using ActiveRecord that there
> is probably a much easier way to accomplish your goal
>
> _Kevin

My transactions should be very simple: reading, copying to variables and writing. But do I need to add a gem for ActiveRecord? I might take a look at it in case I need to implement it.

>> like this...
>> res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', #{@mytext})")

Not seeing the data in the table after applying this. Something is wrong.

Mer Gilmartin wrote:
>>> like this...
>>> res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', #{@mytext})")
>
> Not seeing the data in the table after applying this. Something is
> wrong.

You would need
"INSERT INTO word (u, up, temp) VALUES('check', 'check', '#{@mytext}')"

This does however leave you open to all sorts of sql injection nasties

Fred

Frederick Cheung wrote:
> Mer Gilmartin wrote:
>>>> like this...
>>>> res = dbh.query("INSERT INTO word (u, up, temp) VALUES('check', 'check', #{@mytext})")
>>
>> Not seeing the data in the table after applying this. Something is
>> wrong.
>
> You would need
> "INSERT INTO word (u, up, temp) VALUES('check', 'check', '#{@mytext}')"
>
> This does however leave you open to all sorts of sql injection nasties
>
> Fred

I was thinking of just being strict with what I allow in. Testing it when it comes in and removing brackets and things. Maybe some banned words like the SQL main words.

Is there another recommended way, though? This shouldn't end up being online but it will be public.
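
The following is an added example, not code from any poster in this thread. It compares the quoted interpolation from the thread, the proposed filtering, and escaping, on one ordinary piece of text. `escape_mysql`, `build_insert`, `blacklist_filter`, `string_literals` and the sample input are hypothetical names and constructed data; the commented `prepare`/`execute` lines use Ruby/MySQL's prepared-statement calls and need a live connection.

```ruby
require "strscan"

# Characters the MySQL client library escapes inside a quoted string literal.
ESCAPES = { "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
            "\\" => "\\\\", "'" => "\\'", '"' => '\\"' }.freeze
UNESCAPES = ESCAPES.invert.freeze

# Hypothetical stand-in for the driver's own escaping (Mysql.escape_string).
def escape_mysql(value)
  value.to_s.gsub(/[\x00\n\r\x1a\\'"]/, ESCAPES)
end

# The quoted statement from the thread; escape: true escapes the value first.
def build_insert(text, escape: false)
  text = escape_mysql(text) if escape
  "INSERT INTO word (u, up, temp) VALUES('check', 'check', '#{text}')"
end

# The filtering idea from the last post (hypothetical rules, assumed here).
def blacklist_filter(text)
  text.gsub(/[()\[\]{}]/, "").gsub(/\b(select|insert|update|delete|drop)\b/i, "")
end

# String literals a MySQL-style parser would read from sql, or nil when a
# literal is never closed (the server would reject the statement).
def string_literals(sql)
  s = StringScanner.new(sql)
  literals = []
  while s.skip_until(/'/)
    buf = +""
    loop do
      if s.scan(/\\(.)/m) then buf << (UNESCAPES["\\" + s[1]] || s[1])
      elsif s.scan(/''/) then buf << "'"
      elsif s.scan(/'/) then break
      elsif s.scan(/[^'\\]+/) then buf << s.matched
      else return nil
      end
    end
    literals << buf
  end
  literals
end

SAMPLE = "it's here (select one)" # constructed input: ordinary text, no attack

# With a live connection, Ruby/MySQL placeholders keep data out of the SQL text:
#   st = dbh.prepare("INSERT INTO word (u, up, temp) VALUES (?, ?, ?)")
#   st.execute("check", "check", @mytext)
```

For `SAMPLE`, the plain and the filtered statements both leave a string literal open because the apostrophe survives, and the filter also changes the stored text; only the escaped form reads back as the three intended values.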