I have the following statement cl = ChatEvent.find_all("ev_type <> #{t} and chat_id = #{@params [:chat_id]} order by created_at") which produces the following error: #42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''order by created_at)'' at line 1: SELECT * FROM chat_event WHERE (ev_type <> 0 and chat_id = 342 order by created_at) As you may notice there is an opening brace but no closing one. So far this worked until I upgraded Rails to 0.14.1. Gábor "How do you double the value of a Nokia? Charge up the battery!" _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 10/24/05, Gábor SEBESTYÉN <segabor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I have the following statement > > cl = ChatEvent.find_all("ev_type <> #{t} and chat_id > #{@params[:chat_id]} order by created_at") >I think that should be: cl = ChatEvent.find_all("ev_type <> #{t} and chat_id #{@params[:chat_id]}", "created_at") -eric
On 2005.10.24., at 18:08, Eric Wagoner wrote:> cl = ChatEvent.find_all("ev_type <> #{t} and chat_id > #{@params[:chat_id]}", "created_at") >You seem right :) Ehh .. how did they work until this time? :D Now I replaced all of them to find(:all, ...) form. It''s the best both of us. Gábor "Everything begins with choice... " _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
>> chat_id = #{@params[:chat_id]}BTW, this part of your SQL is open to SQL injection as per http://manuals.rubyonrails.com/read/chapter/43 You might want to change to: cl = ChatEvent.find(:all, :conditions => ["ev_type <> ? and chat_id = ?", t, @params[:chat_id]], :order => "created_at") -----Original Message----- From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Eric Wagoner Sent: Tuesday, 25 October 2005 2:09 AM To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org Subject: Re: [Rails] bogus find_all in Rails 0.14.1 On 10/24/05, Gábor SEBESTYÉN <segabor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I have the following statement > > cl = ChatEvent.find_all("ev_type <> #{t} and chat_id = > #{@params[:chat_id]} order by created_at") >I think that should be: cl = ChatEvent.find_all("ev_type <> #{t} and chat_id = #{@params[:chat_id]}", "created_at") -eric _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails