Hello,
Basically, I need to do an insert such as:
create(
'user_id' => "#{uid}",
'cre_date' => 'date_add(now(), interval 12 hour)',
'expire_date' => 'now()',
'upd_date' => 'now()'
)where, date_add() and now() are executed ('populated') server side.
I can accomplish the insert, low level with:
a = ActiveRecord::Base.connection.insert("INSERT into sess (user_id,
cre_date, expire_date, upd_date) VALUES ("#{uid}", now(),
date_add(now(), interval 12 hour), now())");but that is less than ideal (sql injection comes to mind)
Is there a 'standard' way to do this with ActiveRecord? (or a way to
accomplish the insert 'safely' (without duplicating the work or arg
validation))(Note: I am using a legacy database schema, not an activerecord
created
database)
I'd use the sanitize_sql methods in activerecord to do the escaping
stuff. AR in general doesn't leave much up to the database.
Fred
