Base.connection.execute with params

Hi,

I am trying to implement Base.connection.execute using a passed
parameter from the calling view:-

In my controller I have the following code:-

def addnewsoa2
ActiveRecord::Base.connection.execute "INSERT INTO `soas`
(`program_id`,`control_id`,`scope`,`detail`) VALUES (?,1,'Y','t.b.a.')",
@params['proggy']
end

This fails with a sql syntax error but I cant see where I am going
wrong. The equivalent code in raw sql is okay. (i.e. "INSERT INTO `soas`
(`program_id`,`control_id`,`scope`,`detail`) VALUES (13,1,'Y','t.b.a.')"

I think it's the way I am using the passed parameter but would greatly
appreciate any offered assistance.

Thanks

Martyn Elmy-Liddiard

Hi,

I am trying to implement Base.connection.execute using a passed
parameter from the calling view:-

In my controller I have the following code:-

def addnewsoa2
ActiveRecord::Base.connection.execute "INSERT INTO `soas`
(`program_id`,`control_id`,`scope`,`detail`) VALUES (?,
1,'Y','t.b.a.')",
@params['proggy']
end

Why are you using execute? Execute is much lower level than you need,
and doesn't understand parameters etc... It just chucks a string at
the database adapter so you have to construct the entire bit of sql
yourself. Why use this and not Soa.create(params) ?

Fred

Frederick Cheung wrote: