On 8 Sep 2008, at 11:56, mohdanas wrote:
>
> Hi There,
>
> I'm getting the following errors while accessing my application.
> Can someone please tell what is the possible cause and can it
> be resolved.
> "
> ActiveRecord::StatementInvalid in Site#showalladdress
>
> Showing site/showalladdress.rhtml where line #3 raised:
> Mysql::Error: #42000You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for the right
> syntax to use near 'and enabled='1'' at line 1: select * from
> addresses where typeid=2 and customerid= and enabled='1'
>
Because you've generated invalid sql: "customerid= and"
which you've done because you're using find_by_sql without checking
all the things you're interpolating (and exposing yourself to sql
injection in the process).
find_by_sql is completely unnecessary in this case.

Fred
> Extracted source (around line #3):
> 1: Select Customer Address<br />
> 2:
> 3: <%= collection_select "address", :id,
>      Address.find_by_sql("select * from addresses where typeid=#{params[:id]} and customerid=#{session[:customerid]} and enabled='1'"),
>      :id, :address, {},
>      {:onchange => "showcompletedetails()",
>       :onclick => remote_function(:update => "", :url => {:action => "setaddress"}, :with => "'id=' + $('address_id').value"),
>       :size => "5", :class => "dropdown", :style => "width:100%;border:1px solid #0099cc;"} %>
> "
>
> Thanks
>
> Mohd Anas
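An added example (mine, not code from Fred or Mohd Anas) that reproduces, without Rails or MySQL, why the interpolated find_by_sql query above breaks when session[:customerid] is nil and what a "?" placeholder query in the style of Rails' :conditions array does instead; the quote/bind helpers are a simplified stand-in for ActiveRecord's sanitization, not its real implementation.

```ruby
# Added example: not the code from the thread. Simulates, without Rails or
# MySQL, the SQL strings the view's two options would send to the database.

# What the original view does: raw interpolation. When session[:customerid]
# is nil, Ruby interpolates an empty string and the query contains
# "customerid= and", the fragment MySQL reported in the error.
def vulnerable_sql(typeid, customerid)
  "select * from addresses where typeid=#{typeid} and customerid=#{customerid} and enabled='1'"
end

# Minimal stand-in for ActiveRecord's "?" placeholder substitution
# (assumption: simplified, not the real sanitize_sql_array). Each value is
# quoted according to its type instead of being spliced in as text.
def quote(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'#{value.to_s.gsub("'", "''")}'"  # double any embedded quote
  end
end

def bind(template, *values)
  parts = template.split("?", -1)
  raise ArgumentError, "placeholder count mismatch" unless parts.size - 1 == values.size
  parts.zip(values.map { |v| quote(v) } + [""]).flatten.join
end

# The Rails 2.x form Fred is pointing at (no find_by_sql needed):
#   Address.find(:all, :conditions => ["typeid = ? and customerid = ? and enabled = ?",
#                                       params[:id], session[:customerid], "1"])
def safe_sql(typeid, customerid)
  bind("select * from addresses where typeid = ? and customerid = ? and enabled = ?",
       typeid, customerid, "1")
end

# The checks the view skipped: refuse to query without a customer in the
# session, and accept only integer ids, so bad input never reaches MySQL.
def address_query(params_id, session_customerid)
  return nil if session_customerid.nil?
  safe_sql(Integer(params_id), Integer(session_customerid))
end
```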
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en