On Jan 18, 12:17 pm, Glen <[email protected]> wrote:
> So, I'm experiencing what I would describe as inconsistent behavior
> from the oracle adapter.
>
> I can create a Sequel::Oracle::Database object without issue.
> However, when I try executing a raw query with .run I get nil:
>
> oracle.run(query + "'#{user}'")

Database#run should only be used for DDL statements.  You probably
want:

  oracle[query + "'#{user}'"].all

I second rohit's advice of using the Sequel DSL, or at the very least
using placeholders instead of string concatenation.  Your example code
is just asking for SQL injection if the user variable is based on user
input.

Jeremy

-- 
You received this message because you are subscribed to the Google Groups 
"sequel-talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/sequel-talk?hl=en.