Displaying 2 results from an estimated 2 matches for "build_where_clause".
2005 Nov 22
11
Building a conditions clause (for find) of multiple optional params?
I want to be able to find items according to various params - category_id, member_id, type_id,
rating, etc. What I have now is something like:
if(@params['category_id'])
@items=Item.find(:all, :conditions=>["category_id=?", @params['category_id']])
elsif(@params['category_id'] and @params['member_id'])
2011 Nov 22
4
A "strict Arel" mode for ActiveRecord to prevent SQL injection vulnerabilities
Hello rubyonrails-core,
I’ve been looking into possible changes to ActiveRecord / Arel to make it
easier to write Rails applications that are free of SQL injection
vulnerabilities, and in particular do so in a way that makes it easy for a
code reviewer to verify that the app is safe from such bugs.
The concern:
-----------------
With the ActiveRecord API as is, it’s relatively easy to write