Thanks.

On Sunday, February 22, 2015 at 10:51:39 PM UTC-5, Jeremy Evans wrote:
>
> On Sunday, February 22, 2015 at 7:41:35 PM UTC-8, Matt wrote:
>>
>> Hi all, I simply want to do something similar to this but correct. update
>> column3 where column1=? and column2= ?,val1,val2.
>> so I was able to come up with this
>> def foo(val1,val2,val3)
>>   db = db.connect to mysql
>>   db[:Items].filter(:col1=>val1,:col2=>val2).update(:col3=>val3)
>>
>> end
>> so I got that to work. However, I am trying to now sanitize
>> val1,val2,val3. so I tried doing
>> db[:Items].filter(:col1=>params[val1].to_s,:col2=>params[val2].to_s).update(:col3=>params[val3].to_s)
>>
>
> You shouldn't need to sanitize val1, val2, or val3, Sequel will
> automatically escape them. However, if you expect them to be strings, it's
> not bad to ensure that by using val1.to_s, val2.to_s, and val3.to_s.
>
>> I interpreted the one for update and went with it
>> http://sequel.jeremyevans.net/rdoc/files/doc/security_rdoc.html
>>
>> I am getting a bunch of errors saying params is not defined. Ideas? I
>> assume I made a mistake.
>>
> Those examples are if you are using Sequel with a web framework, which
> generally have a params method to get the request parameters.
>
> Thanks,
> Jeremy
>
