On Mar 16, 6:15 pm, J Smith <[email protected]> wrote:
> I know this sort of feature has the potential to be abused and lead to
> SQL injection attacks, so as a sanity check, I figured I'd check to
> see if this sort of feature would be useful or if I'm as crazy as I
> may potentially be for bringing it up. I think if care were taken with
> its use, it could be pretty useful, as there have been a good number
> of occasions where I would have liked to have used this sort of
> mechanism. (I use PostGIS quite often which provides a bunch of
> spatial functions for PostgreSQL, for instance.) I'm also thinking
> someone must have done something similar to this before but I can't
> seem to track anything down on the subject.
>
> Anyways, comments, anyone? Would this sort of thing be as useful and
> potentially disastrous as I think it would be?
>

The Arel.sql factory method already enables the easy creation of
SqlLiterals without monkeypatching String. Seems to me that this
method doesn't really give us anything much more convenient than that,
for the times when this sort of thing is needed.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Core" group.