Rails - May 2008 - sanitinzing text before inserting.

Hi All,
I am not aware of how many time this question might have propped up and
how many would have answered but googling for this did not satisfy me.
The issue that I am facing in one of my Rails Application is that I am
entering data in to a different database. I am using the following
connection.insert method of the ActiveRecord Base[/b]


model_name.connection.insert(INSERT IN TO
another_database.some_table(columns)VALUES())

This works fine till the point that no special characters are used. If
the user tries to insert a  " '' "(single quote) or
('' " '') a double
quote the insert fails.

I brushed through the API and found that they use the protected class
method of ''sanitize_sql_array'' etc.

One possible way is to do a gsub and replace the '' with /'' but
I wanted
to know if there is any method in Ruby or Rails that could sanitize the
text before entering it in to the database
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 6 May 2008, at 11:18, jazzy jazzy wrote:
>
> Hi All,
> I am not aware of how many time this question might have propped up  
> and
> how many would have answered but googling for this did not satisfy me.
> The issue that I am facing in one of my Rails Application is that I am
> entering data in to a different database. I am using the following
> connection.insert method of the ActiveRecord Base[/b]
>
>
> model_name.connection.insert(INSERT IN TO
> another_database.some_table(columns)VALUES())
You''ll be a lot easier off if you create a model configured to use  
that other database connection. If that is truly impossible,  
connection.quote should help you.
sanitize_sql etc... are protected methods, but that means it''s fine to
call them from a descendant of ActiveRecord (and I really hope you  
haven''t got that in a controller)

Fred
>
>
> This works fine till the point that no special characters are used. If
> the user tries to insert a  " '' "(single quote) or
('' " '') a double
> quote the insert fails.
>
> I brushed through the API and found that they use the protected class
> method of ''sanitize_sql_array'' etc.
>
> One possible way is to do a gsub and replace the '' with
/'' but I
> wanted
> to know if there is any method in Ruby or Rails that could sanitize  
> the
> text before entering it in to the database
> -- 
> Posted via http://www.ruby-forum.com/.
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hey Fred thanks for your response.

Frederick Cheung wrote:
> On 6 May 2008, at 11:18, jazzy jazzy wrote:
> 
>> model_name.connection.insert(INSERT IN TO
>> another_database.some_table(columns)VALUES())
> 
> You''ll be a lot easier off if you create a model configured to use
> that other database connection. 
That is a good option. But I am new to Rails and getting confused with 
the establish_connection of the ActiveRecordBase

It would be great if you could give me an example of how to use it since 
I am confused of where to use it in the controller or the Model.

If that is truly impossible,
> connection.quote should help you.
Could you also give a small example of how to use it?

Thanks
Vinay

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

What flavour of database are you using?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

vanderkerkoff wrote:
> What flavour of database are you using?
MySql Server 5.0
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On May 6, 2008, at 7:38 AM, jazzy jazzy wrote:
>
> Hey Fred thanks for your response.
>
> Frederick Cheung wrote:
>> On 6 May 2008, at 11:18, jazzy jazzy wrote:
>>
>>> model_name.connection.insert(INSERT IN TO
>>> another_database.some_table(columns)VALUES())
>>
>> You''ll be a lot easier off if you create a model configured to
use
>> that other database connection.
>
> That is a good option. But I am new to Rails and getting confused with
> the establish_connection of the ActiveRecordBase
>
> It would be great if you could give me an example of how to use it  
> since
> I am confused of where to use it in the controller or the Model.
It is in the Model.  Here''s an example:

class LegacyModel < ActiveRecord::Base
   establish_connection "legacy" if
     RAILS_ENV == ''production'' &&
configurations.has_key?(''legacy'')
...
end

The argument ("legacy") refers to a named configuration in your  
database.yml file.  In this case the conditional I have lets me have  
normal development and test connections to a single database, but in  
production, the "legacy" database connection will be used.  If you  
always connected a particular model to a different database, you''d  
need only:

class AnotherDatabaseModel < ActiveRecord::Base
   establish_connection "another_database"
...
end

If you have many models that live in another database, you can:

class SomeModel < AnotherDatabaseModel
   # I will inherit the connection
end

class OnceMoreModel < AnotherDatabaseModel
   # I will inherit the connection, too
end

-Rob

Rob Biedenharn		http://agileconsultingllc.com
Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org
> If that is truly impossible,
>> connection.quote should help you.
>
> Could you also give a small example of how to use it?
>
> Thanks
> Vinay
>



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Jazzy, why don''t you use UTF8 encoding?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---