Comments on: Ruby on Rails Error http://corralesonline.com/ruby-on-rails-error-2/2007/07/04/ corralesonline.com Fri, 10 Sep 2010 04:18:28 +0000 http://wordpress.org/?v=2.3.2 By: brian.corrales http://corralesonline.com/ruby-on-rails-error-2/2007/07/04/#comment-587 brian.corrales Thu, 05 Jul 2007 02:10:47 +0000 http://corralesonline.com/ruby-on-rails-error-2/2007/07/04/#comment-587 Thanks Jimmy. I'll have to start using the prepared statement then. Thanks Jimmy. I’ll have to start using the prepared statement then.

]]> By: Jimmy Zimmerman http://corralesonline.com/ruby-on-rails-error-2/2007/07/04/#comment-586 Jimmy Zimmerman Thu, 05 Jul 2007 02:06:16 +0000 http://corralesonline.com/ruby-on-rails-error-2/2007/07/04/#comment-586 A better way to do it is the prepared statement type syntax. Your conditions statement would look something more like: :conditions => ["common_given_names.name LIKE ?", "#{params[:descendant][:given_name]}%"] That way, Rails will sanitize your input from any kind of SQL injection attack, as well as wrap the single quotes around your statement if needed. A better way to do it is the prepared statement type syntax. Your conditions statement would look something more like:

:conditions => [”common_given_names.name LIKE ?”, “#{params[:descendant][:given_name]}%”]

That way, Rails will sanitize your input from any kind of SQL injection attack, as well as wrap the single quotes around your statement if needed.

]]>