Comments on: :finder_sql - single vs double quotes http://www.tamersalama.com/2007/05/17/finder_sql-single-vs-double-quotes/ of Tamer Salama Wed, 07 Jan 2009 02:23:55 +0000 http://wordpress.org/?v=2.6.5 By: Tamer http://www.tamersalama.com/2007/05/17/finder_sql-single-vs-double-quotes/#comment-349 Tamer Sat, 02 Jun 2007 17:58:21 +0000 http://www.tamersalama.com/2007/05/17/finder_sql-single-vs-double-quotes/#comment-349 The issue was to get the appropriate id in the has_many class method. Instance object id was the required id (not the class object id). Using the double quotes did the trick. The issue was to get the appropriate id in the has_many class method. Instance object id was the required id (not the class object id). Using the double quotes did the trick.

]]> By: Jereme http://www.tamersalama.com/2007/05/17/finder_sql-single-vs-double-quotes/#comment-348 Jereme Sat, 02 Jun 2007 01:41:19 +0000 http://www.tamersalama.com/2007/05/17/finder_sql-single-vs-double-quotes/#comment-348 Maybe I'm all hopped up goofballs, or maybe my solution is irrelevant to the context of your syntax usage, but... Can you avoid quoting issues all together in SQL queries via bind vars? i.e. has_many :breedtypes, :finder_sql => ["SELECT Breedtype.* FROM ... WHERE (cai = ?)", id] Not only does this avoid quoting issues, but it will also handle not quoting integer fields, and will eliminate the possibility of a hot SQL injection ruining the show. My two pennies... Maybe I’m all hopped up goofballs, or maybe my solution is irrelevant to the context of your syntax usage, but… Can you avoid quoting issues all together in SQL queries via bind vars?

i.e.

has_many :breedtypes, :finder_sql => ["SELECT Breedtype.* FROM ... WHERE (cai = ?)", id]

Not only does this avoid quoting issues, but it will also handle not quoting integer fields, and will eliminate the possibility of a hot SQL injection ruining the show.

My two pennies…

]]>