Hi, I love ActiveRecord and its simplicity. Person.find(1) It''s so simple but imagine if the table people has 30 columns and there are some columns with type ''bytea'' (or large object / binary data) holding MB-s data, then you only need three columns only with type ''string'', ''string'', ''int''. It''s a waste of time using that code. So you use: Person.find_by_sql( "select name, id, body from people" ); But you lose safety (from sql injection) and simplicity of ActiveRecord. So I wonder if there is plugin or a way so you can write the query like this: Person.find(1, [ ''name'', ''id'', ''body'' ]) Thank you. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 2, 2006, at 23:17 , Akbar Home wrote:> Person.find_by_sql( "select name, id, body from people" ); > > But you lose safety (from sql injection) and simplicity of > ActiveRecord.You only lose safety if you''re interpolating user-submitted data that you haven''t adequately filtered.> > So I wonder if there is plugin or a way so you can write the query > like > this: > > Person.find(1, [ ''name'', ''id'', ''body'' ])Not exactly what you want, but you can do: id = 1 sql = <<SQL select name, id, body from people where id = :id SQL Person.find_by_sql([sql, { :id => id }]).first Michael Glaesemann grzm seespotcode net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
find takes a select option, eg p = Person.find 1, :select => ''id, name, address'' If you don''t include id, strange things may happen later down the road (eg if you try to reload or save the object. Fred -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---