Rails - Aug 2008 - Escaping SQL when using connection.execute?

Hi all,

Here''s the situation: I''m writing a Rails app that connect to
a SQL
Server DB via the ODBC adapter. As an outside, non-negotiable
requirement, and writes to the DB must be performed using stored
procedures. (I know, I know... it sucks).

When constructing the query string, how do I go about escaping the
parameters I want to insert.

My first thought was Rail''s parameterization of query strings:
Model.connection.execute ["EXECUTE dumb_sp
''?'',''?'',''?''", a, b,
c]
No luck, execute doesn''t accept that, it will only accept a string.

Am I stuck with gsubbing all those strings or is there away to compile
the array form to a query that I could use?

Thanks,

Andrew

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Check the Rails API for various sanitize_sql_* methods.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---