Joshua Partogi wrote:
> Wow this is a very clean approach. Trying this one out. :-)
>> cond_string = []
>> cont_hash = {}
>>
>> if params[:search_name]
>> cond_string << "(name ILIKE :name)"
>> cond_hash[:name] = "%#{params[:search_name]}%"
>> end
It also prevents SQL injection attacks:
http://imgs.xkcd.com/comics/exploits_of_a_mom.png
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
