[Rails] How to use a parameter with a string?
softwareengineer 99
softwareengineer99 at yahoo.com
Thu Jan 26 02:29:29 GMT 2006
Thanks Justin for your answer and the detailed explanation.
I appreciate it very much.
Frank
Justin Bailey <jgbailey at gmail.com> wrote:
Easy, Ruby can embed expressions into strings:
  def self.home_categories (portal_id)
    find(:all,
      :conditions => "portal_id=#{portal_id}"
    )
  end
The #{..} syntax acts like ruby code inside your string, so the value
of portal_id gets into your conditions.
Now, the fact you are putting this value directly into a SQL statement
might be troubling - if it's from some sort of form submission or URL
you are opening yourself to SQL injection attacks there.
On 1/25/06, softwareengineer 99 wrote:
> Hello,
>
> I am learning Ruby on Rails and have a very basic question.
>
>   def self.home_categories (portal_id)
>     find(:all,
>       :conditions => "portal_id=:portal_id"
>     )
>   end
>
> How can I put the value of portal_id in the string "portal_id=...". I tried
> concatenation but I get the error that it cannot convert.
>
> I can figure it out eventually but thought someone may have the answer
> ready.
>
> Thanks
> Frank
>
> _______________________________________________
> Rails mailing list
> Rails at lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
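Added example, not part of either message in this thread: the reply warns that interpolating portal_id into :conditions exposes the query to SQL injection, and the sketch below shows why by building the condition text both ways. The helper names (interpolated_conditions, quote_value, bound_conditions, portal_id_from_param) are hypothetical, and the quoting is a simplified stand-in for what placeholder binding does, not Rails' own code.

```ruby
# Interpolated form from the reply: the value becomes part of the SQL text.
def interpolated_conditions(portal_id)
  "portal_id=#{portal_id}"
end

# Simplified stand-in for bind quoting (assumption: quotes are escaped by
# doubling). A bound value is always emitted as one literal, never as syntax.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replaces each :name placeholder with the quoted value from binds.
def bound_conditions(template, binds)
  template.gsub(/:(\w+)/) do
    key = Regexp.last_match(1).to_sym
    raise ArgumentError, "missing bind :#{key}" unless binds.key?(key)
    quote_value(binds[key])
  end
end

# Strict conversion for an id that arrives as a request string;
# anything that is not a plain base-10 integer is rejected (nil).
def portal_id_from_param(raw)
  Integer(raw.to_s, 10)
rescue ArgumentError
  nil
end

if __FILE__ == $0
  # Constructed sample inputs: one expected id, one string carrying SQL syntax.
  ["7", "1 OR 1=1"].each do |raw|
    puts "input:        #{raw.inspect}"
    puts "interpolated: #{interpolated_conditions(raw)}"
    puts "bound:        #{bound_conditions('portal_id=:portal_id', { :portal_id => raw })}"
    puts "as integer:   #{portal_id_from_param(raw).inspect}"
  end
end
```

In Rails itself the placeholder form is written as an array passed to :conditions, for example ["portal_id = ?", portal_id], so the value is quoted by the framework rather than spliced into the string.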