KathysKode-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Dec-09 05:13 UTC
Fabulous search routine from RailsSpace but missing 'LIKE' strategy?
I'm having a wonderful time with the RailsSpace book and using their 'browse' example to fashion my queries. Does anyone know how/if I can include a LIKE statement using this strategy? I've been searching the web all day and find this is a non-standard strategy, as it seems to be open to SQL injection attacks; thus I included the sanitize_sql methods to try to protect my database. Anyway, here's the great code to run this:

  # Class method on the ActiveRecord model (Rails 1.x/2.0 find(:all) style).
  # Each clause uses a named bind (:zipcode etc.); the values come from the
  # params hash passed as the second element of :conditions, so the database
  # adapter quotes them. sanitize_sql here only ever receives a constant string.
  def self.find_by_search(params)
    where = []
    where << sanitize_sql("zipcode = :zipcode") unless params[:zipcode].blank?
    where << sanitize_sql("city = :city")       unless params[:city].blank?
    where << sanitize_sql("state = :state")     unless params[:state].blank?
    where << sanitize_sql("county = :county")   unless params[:county].blank?
    if where.empty?
      []
    else
      # :order is spliced into the SQL as text; it is not a bind value.
      find(:all, :conditions => [where.join(" AND "), params],
                 :order => params[:order])
    end
  end

If anyone has any ideas how I could utilize a LIKE verb, I'd be grateful to hear.

Thanks,
Kathy
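An added example, not from the original post or the RailsSpace book, of carrying the same named-bind strategy over to LIKE in plain Ruby without ActiveRecord: the `city_like` parameter, `escape_like`, `safe_order` and `render_sql` are assumed helpers for illustration, and `render_sql` only mimics the adapter's quoting so the resulting SQL can be seen.

```ruby
require "set"

# Columns a caller may sort on; find()'s :order is spliced into the SQL as
# text, so the requested column is checked against this allow-list.
ORDER_COLUMNS = Set.new(%w[zipcode city state county]).freeze

# Escape LIKE wildcards in user text so "%" and "_" match literally.
def escape_like(text)
  text.gsub(/[\\%_]/) { |ch| "\\" + ch }
end

# Build the [sql, binds] pair that find(:all, :conditions => ...) expects.
# Equality fields use named binds as in the original routine; the assumed
# :city_like param becomes a LIKE on city with the wildcards added here,
# so user text is still only ever a bind value, never part of the SQL.
def search_conditions(params)
  where = []
  binds = {}
  [:zipcode, :city, :state, :county].each do |f|
    next if params[f].to_s.strip.empty?
    where << "#{f} = :#{f}"
    binds[f] = params[f]
  end
  unless params[:city_like].to_s.strip.empty?
    where << "city LIKE :city_pattern ESCAPE '\\'"
    binds[:city_pattern] = "%#{escape_like(params[:city_like])}%"
  end
  return nil if where.empty?
  [where.join(" AND "), binds]
end

# ORDER BY column: fall back to a fixed column when the request is unknown.
def safe_order(requested)
  ORDER_COLUMNS.include?(requested.to_s) ? requested.to_s : "city"
end

# Stand-in for the adapter's bind substitution (single quotes doubled); only
# here to show what the database would receive. ActiveRecord does this itself.
def render_sql(sql, binds)
  sql.gsub(/:(\w+)/) { "'" + binds.fetch($1.to_sym).to_s.gsub("'", "''") + "'" }
end

if __FILE__ == $0
  sql, binds = search_conditions(:state => "CA", :city_like => "san_")
  puts render_sql(sql, binds)  # state = 'CA' AND city LIKE '%san\_%' ESCAPE '\'
end
```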