11175
(-- --)
1
SELECT * FROM messages match(caption, message) against ('Rails')) ORDER
BY caption!='Rails', caption, message
How it will looks like in Ruby?
This doesn't work:
@word = "Rails"
@results = Blogs.paginate(:all, :order => ["caption!=?, caption,
message", @word], :conditions => [ "match(caption,message) against (?)",
@word], :page => params[:page], :per_page => 10)
Problem is in: order => ["caption!=?, caption, message", @word]
Hmm, I'm not Mr SQL, so I'm not sure what exactly
this ORDER thing is doing.
@word = "Rails"
@results = Blogs.paginate(:all, :order => ["caption!=?, caption,
message", @word], :conditions => [ "match(caption,message) against (?)",
@word], :page => params[:page], :per_page => 10)
Problem is in: order => ["caption!=?, caption, message", @word]
yep. the [...] syntax works only for the :conditions
You can just do:
@results = Blogs.paginate(:all, :order => "caption!=#{@word}, caption,
message", :conditions => [ "match(caption,message) against (?)",
@word], :page => params[:page], :per_page => 10)
Though you should make sure, nobody can inject any SQL in @word
11175
(-- --)
3
Thorsten Mueller wrote:
@results = Blogs.paginate(:all, :order => "caption!=#{@word}, caption,
What about security? Is it safe?