On Fri, Nov 19, 2021 at 8:15 AM Billy Zheng <vil...@gmail.com> wrote:
> Because i don't know what happen, so, i just try to reproduce here. > > I use following migrate to add chinese full text search feature use > zhparser plugin, it works! > > > https://github.com/zw963/marketbet_crawler/blob/master/db/migrations/20211112143230_add_zhparser_extension.rb > > I use following migrate to create a stored generated column, for copy > title, preview into a new ts_vector column, and create index on it, for ts > search better performance, it works too! > > > https://github.com/zw963/marketbet_crawler/blob/master/db/migrations/20211112143437_add_stored_generated_column_to_investing_latest_news.rb > > For now, both of them works, but, i hope i can add/delete new chinese > token into it. > > so, i add following code into roda routes. > > ``` > r.post do > r.is 'add-ts-keyword' do > new_keyword = r.params['new_keyword'] > DB.run("INSERT INTO zhparser.zhprs_custom_word > values('#{new_keyword}') ON CONFLICT DO NOTHING;") > This is vulnerable to SQL injection. > r.redirect request.referrer > end > > r.is 'remove-ts-keyword' do > keyword = r.params['keyword'] > DB.run("DELETE FROM zhparser.zhprs_custom_word WHERE > word='#{keyword}';") > So is this. > r.redirect request.referrer > end > > r.is 'sync-ts-keyword' do > DB.run("SELECT sync_zhprs_custom_word();UPDATE > investing_latest_news SET title = title, preview = preview;") > Combining multiple SQL statements into a single call to Database#run is not supported. Use two separate DB.run calls, one per SQL statement. FWIW, your UPDATE just sets columns to their current value, so it will only have an effect if there are triggers or something similar in play. Thanks, Jeremy -- You received this message because you are subscribed to the Google Groups "sequel-talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to sequel-talk+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sequel-talk/CADGZSSeyFrgpA8CZOux_LnAxSxEEsftvnFFMRKtmpuU3ik%2B8xA%40mail.gmail.com.
