This is what I'm trying to do:
@contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?", 'Teacher%'], {:group_id => current_contact.group}], :include => [:jobs, :photos])
Obviously it's not working. Is this my only option? @contacts = Contact.find(:all, :conditions => ['jobs.name LIKE ? AND group_id = ?', 'Teacher%', current_contact.group], :include => [:jobs, :photos])
Quoting CoolAJ86 <coolaj86@gmail.com>:
This is what I'm trying to do:
@contacts = Contact.find(:all, :conditions => [["jobs.name LIKE ?", 'Teacher%'], {:group_id => current_contact.group}], :include => [:jobs, :photos])
Obviously it's not working. Is this my only option? @contacts = Contact.find(:all, :conditions => ['jobs.name LIKE ? AND group_id = ?', 'Teacher%', current_contact.group], :include => [:jobs, :photos])
:conditions => "jobs.name LIKE 'Teacher%' AND group_id = #{current_contact.group}"
HTH, Jeffrey
In general that is about it. In this particular case it looks like you could do
current_contact.group.contacts.find :all, :conditions => [["jobs.name LIKE ?", 'Teacher%'], ...
assuming that group has_many contacts
Fred
Quoting Sijo Kg <rails-mailing-list@andreas-s.net>:
Jeffrey L. Taylor wrote: > Quoting CoolAJ86 <coolaj86@gmail.com>: >> [:jobs, :photos]) > :conditions => > "jobs.name LIKE 'Teacher%' AND group_id = #{current_contact.group}" > > HTH, > Jeffrey
Passing a string to :conditions like this welcomes sql injection attacks So can it be avoided and pass an array instaed like in last post by fred?Am I right?
Only if current_contact.group is string. I assumed that it is an integer, in which case, no SQL injection attack is possible for this call.
Jeffrey
In general that is about it. In this particular case it looks like you could do
current_contact.group.contacts.find :all, :conditions => [["jobs.name LIKE ?", 'Teacher%'], ...
As I understand it, that won't eager-load (join) groups, jobs, and contacts together.
See, as I iterate through contacts I want to pull group and job information without excess database calls.