Hello,
Basically, I need to do an insert such as:
create(
''user_id'' => "#{uid}",
''cre_date'' => ''date_add(now(), interval 12
hour)'',
''expire_date'' => ''now()'',
''upd_date'' => ''now()''
)
where, date_add() and now() are executed (''populated'') server
side.
I can accomplish the insert, low level with:
a = ActiveRecord::Base.connection.insert("INSERT into sess (user_id,
cre_date, expire_date, upd_date) VALUES ("#{uid}", now(),
date_add(now(), interval 12 hour), now())");
but that is less than ideal (sql injection comes to mind)
Is there a ''standard'' way to do this with ActiveRecord? (or a
way to
accomplish the insert ''safely'' (without duplicating the work
or arg
validation))
(Note: I am using a legacy database schema, not an activerecord created
database)
Thanks
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2009-Apr-10 21:22 UTC
Re: ActiveRecord.create using Mysql builtin methods?
On 10 Apr 2009, at 22:07, David Wright wrote:> > Hello, > > Basically, I need to do an insert such as: > > create( > ''user_id'' => "#{uid}", > ''cre_date'' => ''date_add(now(), interval 12 hour)'', > ''expire_date'' => ''now()'', > ''upd_date'' => ''now()'' > ) > > where, date_add() and now() are executed (''populated'') server side. > > I can accomplish the insert, low level with: > a = ActiveRecord::Base.connection.insert("INSERT into sess (user_id, > cre_date, expire_date, upd_date) VALUES ("#{uid}", now(), > date_add(now(), interval 12 hour), now())"); > > but that is less than ideal (sql injection comes to mind) > > Is there a ''standard'' way to do this with ActiveRecord? (or a way to > accomplish the insert ''safely'' (without duplicating the work or arg > validation)) > > (Note: I am using a legacy database schema, not an activerecord > created > database)I''d use the sanitize_sql methods in activerecord to do the escaping stuff. AR in general doesn''t leave much up to the database. Fred> > > Thanks > -- > Posted via http://www.ruby-forum.com/. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---