This is what I''m trying to do: @contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?", ''Teacher%''], {:group_id => current_contact.group}], :include => [:jobs, :photos]) Obviously it''s not working. Is this my only option? @contacts = Contact.find(:all, :conditions => [''jobs.name LIKE ? AND group_id = ?'', ''Teacher%'', current_contact.group], :include => [:jobs, :photos])
Jeffrey L. Taylor
2009-Aug-20 08:39 UTC
Re: Can :conditions use an array and a dictionary together?
Quoting CoolAJ86 <coolaj86-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:> > This is what I''m trying to do: > > @contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?", > ''Teacher%''], {:group_id => current_contact.group}], :include => > [:jobs, :photos]) > > Obviously it''s not working. Is this my only option? > @contacts = Contact.find(:all, :conditions => [''jobs.name LIKE ? AND > group_id = ?'', ''Teacher%'', current_contact.group], :include => > [:jobs, :photos]):conditions => "jobs.name LIKE ''Teacher%'' AND group_id = #{current_contact.group}" HTH, Jeffrey
Frederick Cheung
2009-Aug-20 08:46 UTC
Re: Can :conditions use an array and a dictionary together?
On Aug 20, 8:01 am, CoolAJ86 <coola...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> This is what I''m trying to do: > > @contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?", > ''Teacher%''], {:group_id => current_contact.group}], :include => > [:jobs, :photos]) > > Obviously it''s not working. Is this my only option? > @contacts = Contact.find(:all, :conditions => [''jobs.name LIKE ? AND > group_id = ?'', ''Teacher%'', current_contact.group], :include => > [:jobs, :photos])In general that is about it. In this particular case it looks like you could do current_contact.group.contacts.find :all, :conditions => [["jobs.name LIKE ?", ''Teacher%''], ... assuming that group has_many contacts Fred
Jeffrey L. Taylor wrote:> Quoting CoolAJ86 <coolaj86-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>: >> [:jobs, :photos]) > :conditions => > "jobs.name LIKE ''Teacher%'' AND group_id = #{current_contact.group}" > > HTH, > JeffreyPassing a string to :conditions like this welcomes sql injection attacks So can it be avoided and pass an array instaed like in last post by fred?Am I right? Sijo -- Posted via http://www.ruby-forum.com/.
Jeffrey L. Taylor
2009-Aug-20 14:29 UTC
Re: Can :conditions use an array and a dictionary together?
Quoting Sijo Kg <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>:> > Jeffrey L. Taylor wrote: > > Quoting CoolAJ86 <coolaj86-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>: > >> [:jobs, :photos]) > > :conditions => > > "jobs.name LIKE ''Teacher%'' AND group_id = #{current_contact.group}" > > > > HTH, > > Jeffrey > > Passing a string to :conditions like this welcomes sql injection attacks > So can it be avoided and pass an array instaed like in last post by > fred?Am I right? >Only if current_contact.group is string. I assumed that it is an integer, in which case, no SQL injection attack is possible for this call. Jeffrey
CoolAJ86
2009-Aug-20 15:24 UTC
Re: Can :conditions use an array and a dictionary together?
> In general that is about it. In this particular case it looks like you > could do > > current_contact.group.contacts.find :all, :conditions => [["jobs.name > LIKE ?", ''Teacher%''], ...As I understand it, that won''t eager-load (join) groups, jobs, and contacts together. See, as I iterate through contacts I want to pull group and job information without excess database calls.