Displaying 1 result from an estimated 1 matches for "dumb_sp".
Did you mean:
dsmb_p
2008 Aug 01
1
Escaping SQL when using connection.execute?
...writes to the DB must be performed using stored
procedures. (I know, I know... it sucks).
When constructing the query string, how do I go about escaping the
parameters I want to insert.
My first thought was Rail''s parameterization of query strings:
Model.connection.execute ["EXECUTE dumb_sp ''?'',''?'',''?''", a, b, c]
No luck, execute doesn''t accept that, it will only accept a string.
Am I stuck with gsubbing all those strings or is there away to compile
the array form to a query that I could use?
Thanks,
Andrew
--~--~...