Hello,
Basically, I need to do an insert such as:
create( 'user_id' => "#{uid}", 'cre_date' => 'date_add(now(), interval 12 hour)', 'expire_date' => 'now()', 'upd_date' => 'now()' )
where, date_add() and now() are executed ('populated') server side.
I can accomplish the insert, low level with: a = ActiveRecord::Base.connection.insert("INSERT into sess (user_id, cre_date, expire_date, upd_date) VALUES ("#{uid}", now(), date_add(now(), interval 12 hour), now())");
but that is less than ideal (sql injection comes to mind)
Is there a 'standard' way to do this with ActiveRecord? (or a way to accomplish the insert 'safely' (without duplicating the work or arg validation))
(Note: I am using a legacy database schema, not an activerecord
created database)
I'd use the sanitize_sql methods in activerecord to do the escaping
stuff. AR in general doesn't leave much up to the database.
Fred