On Sunday, February 22, 2015 at 7:41:35 PM UTC-8, Matt wrote:
>
> Hi all, I simply want to do something similar to this, but correct:
> update column3 where column1=? and column2=?, val1, val2.
> So I was able to come up with this:
>
> def foo(val1, val2, val3)
>   db = db.connect to mysql
>   db[:Items].filter(:col1 => val1, :col2 => val2).update(:col3 => val3)
> end
>
> So I got that to work. However, I am now trying to sanitize
> val1, val2, val3. So I tried doing:
>
> db[:Items].filter(:col1 => params[val1].to_s, :col2 => params[val2].to_s).update(:col3 => params[val3].to_s)
>

You shouldn't need to sanitize val1, val2, or val3; Sequel will automatically escape them. However, if you expect them to be strings, it's not bad to ensure that by using val1.to_s, val2.to_s, and val3.to_s.

> I interpreted the one for update and went with it:
> http://sequel.jeremyevans.net/rdoc/files/doc/security_rdoc.html
>
> I am getting a bunch of errors saying params is not defined. Ideas? I
> assume I made a mistake.

Those examples are for when you are using Sequel with a web framework, which generally has a params method to get the request parameters.

Thanks,
Jeremy
