Displaying 6 results from an estimated 6 matches for "quote_str".
2006 Oct 19
3
Selecting datetime values from SQL Server (year < 1970)
All,
Rails 1.1.6.
Any AR find() call that generates a SELECT * type query against a table
with a DATETIME column in SQL Server whose value occurs before 1970 will
fail, because of the coercion of SQL Server datetime types to Time
values in Ruby.
See sqlserver_adapter.rb line 490
(record[col] = record[col].to_time if record[col].is_a? DBI::Timestamp)
If I remove the coercion (just commenting
2005 Dec 16
1
acts_as_taggable sql injection vulnerability
...tell if you're vulnerable
======================
Make a tag with a single quote in it. See if it raises an error.
Now, go delete your entire database.
How to fix
========
add/change the last line of split_tag_names
tag_names = tag_names.flatten.map { |name|
  # escape each tag name before it is interpolated into SQL
  ActiveRecord::Base.connection.quote_string(name.strip)
}.uniq.compact
-- Remember to restart your app.
court3nay
http://caboo.se :: we like big fonts and yellow highlighting
http://habtm.com :: personal codelog
http://placelist.com :: just like all the cool kids
2007 Apr 03
0
[Sybase Adaptor] find_by_xxx does not work correctly.
...quote(value, column = nil)
  return value.quoted_id if value.respond_to?(:quoted_id)

  case value
  when String
    if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
      "#{quote_string(column.class.string_to_binary(value))}"
    elsif @numconvert && force_numeric?(column) && value =~ /^[+-]?[0-9]+$/o  # <-- here
      value
    else
      "'#{quote_string(value)}'"...
2008 Oct 21
6
detecting width overflow in serialized column with mysql
So I've got an ActiveRecord model pointing to a MySQL db, with an
auto-serialized column ("serialize :columnName").
Thing is, MySQL, depending on how it's configured (like, by default),
has a bad habit of just truncating your data if it's too wide for the
column, with no error raised. Yeah, I can probably reconfigure MySQL
and/or my AR connection to it. But
2004 Dec 07
30
Bind Variables in Active Record
...'''bob''''''\''?"])
Is there a legitimate case for this kind of query?
The next question is, how to allow each database adapter to override
the quoting rules for each data type. The current implementation has
a series of methods like this
def quote_string(value)
  value = value.gsub(/'/, "''")
  "'#{value}'"
end
def quote_date(value)
  "'#{value.to_s}'"
end
etc.
What's the most logical place for this code to live? Mysql will have
to override...
2006 Jan 20
47
SQL Server datetime error
i have a problem with the datetime format of rails. i am unable to save
a dataset to the db. here's the error message -- the original error
message was in german, so i translated it -- i get:
DBI::DatabaseError: Execute
OLE error code:80040E07 in Microsoft OLE DB Provider for SQL Server
Couldn't convert a char-Datatype to datetime
HRESULT error code:0x80020009