LIKE clause

Sergio_Sergio · November 27, 2009, 4:14pm

Hello everybody, I would like to ask you if it is safe to use the LIKE clause as follow:

Artilce.find(:all, :conditions => [“title LIKE ?”, ‘%’ + params[:title] +‘%’])

Is it safe for sql iyection ? or do I need to escape all characters ???

Thanks in advance

Johan_De_Klerk · November 27, 2009, 4:15pm

Hi,

Yes that is safe. Was confused by this myself a couple of days ago.

Cheers, Johan

Sergio_Sergio · November 27, 2009, 7:46pm

ok, thank you

Topic		Replies	Views
Query problem with 'LIKE' rubyonrails-talk	4	94	March 31, 2008
Newbie question - using sql "Like '%...." in Find problem rubyonrails-talk	0	122	October 25, 2006
Could someone tell me if the query is secure rubyonrails-talk	2	122	October 29, 2009
LIKE clause in rails rubyonrails-talk	5	135	December 29, 2007
Like clause with active record rubyonrails-talk	4	219	October 8, 2007