Sanitizing text before inserting.

Hi All,
I am not aware of how many times this question might have propped up and
how many would have answered but googling for this did not satisfy me.
The issue that I am facing in one of my Rails Application is that I am
entering data into a different database. I am using the following
connection.insert method of the ActiveRecord Base:

model_name.connection.insert("INSERT INTO another_database.some_table (columns) VALUES ()")

This works fine till the point that no special characters are used. If
the user tries to insert a ' (single quote) or a " (double quote),
the insert fails.

I brushed through the API and found that they use the protected class
method of 'sanitize_sql_array' etc.

One possible way is to do a gsub and replace the ' with /' but I wanted
to know if there is any method in Ruby or Rails that could sanitize the
text before entering it into the database.

> Hi All,
> I am not aware of how many times this question might have propped up and
> how many would have answered but googling for this did not satisfy me.
> The issue that I am facing in one of my Rails Application is that I am
> entering data into a different database. I am using the following
> connection.insert method of the ActiveRecord Base:
>
> model_name.connection.insert("INSERT INTO another_database.some_table (columns) VALUES ()")

You'll be a lot easier off if you create a model configured to use
that other database connection. If that is truly impossible,
connection.quote should help you.
sanitize_sql etc... are protected methods, but that means it's fine to
call them from a descendant of ActiveRecord (and I really hope you
haven't got that in a controller)

Fred
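
The `connection.quote` approach suggested above, as an added example that is not part of the original thread. `insert_sql`, `StandInConnection`, `SomeModel` and the column names are assumptions made for illustration; the stand-in only approximates MySQL escaping so the code runs without Rails or a database.

```ruby
# With a real app, pass the adapter's own connection instead of the stand-in:
#   conn = SomeModel.connection            # SomeModel is hypothetical
#   conn.insert(insert_sql(conn, "another_database.some_table", :name => "O'Brien"))

# Build an INSERT statement, quoting every value through the connection
# rather than hand-escaping with gsub.
# `table` must be a constant from your own code, never user input.
def insert_sql(conn, table, attrs)
  columns = attrs.keys.map { |c| conn.quote_column_name(c) }.join(", ")
  values  = attrs.values.map { |v| conn.quote(v) }.join(", ")
  "INSERT INTO #{table} (#{columns}) VALUES (#{values})"
end

# Stand-in so the example runs offline. It mimics MySQL escaping rules
# (an assumption; the real adapter's quote is authoritative).
class StandInConnection
  ESCAPES = { "\\" => "\\\\", "'" => "\\'", '"' => '\\"', "\x00" => "\\0",
              "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z" }.freeze

  def quote_column_name(name)
    "`" + name.to_s.gsub("`", "``") + "`"
  end

  def quote(value)
    case value
    when nil     then "NULL"
    when Numeric then value.to_s
    else "'" + value.to_s.gsub(/[\\'"\x00\n\r\x1a]/) { |ch| ESCAPES[ch] } + "'"
    end
  end
end

def demo
  conn = StandInConnection.new
  # Constructed sample input containing both kinds of quote.
  insert_sql(conn, "another_database.some_table",
             :name => %q{O'Brien said "hi"}, :age => 42, :note => nil)
end

puts demo if __FILE__ == $0
```
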

Hey Fred, thanks for your response.

Frederick Cheung wrote:

> > model_name.connection.insert("INSERT INTO another_database.some_table (columns) VALUES ()")
>
> You'll be a lot easier off if you create a model configured to use
> that other database connection.

That is a good option. But I am new to Rails and getting confused with
the establish_connection of the ActiveRecordBase

It would be great if you could give me an example of how to use it since
I am confused about where to use it in the controller or the Model.

> If that is truly impossible,
> connection.quote should help you.

Could you also give a small example of how to use it?

Thanks
Vinay

What flavour of database are you using?

vanderkerkoff wrote:

> What flavour of database are you using?

MySql Server 5.0

> Hey Fred, thanks for your response.
>
> Frederick Cheung wrote:
>
> > > model_name.connection.insert("INSERT INTO another_database.some_table (columns) VALUES ()")
> >
> > You'll be a lot easier off if you create a model configured to use
> > that other database connection.
>
> That is a good option. But I am new to Rails and getting confused with
> the establish_connection of the ActiveRecordBase
>
> It would be great if you could give me an example of how to use it since
> I am confused about where to use it in the controller or the Model.

It is in the Model. Here's an example:

class LegacyModel < ActiveRecord::Base
   establish_connection "legacy" if
     RAILS_ENV == 'production' && configurations.has_key?('legacy')
   # ...
end

The argument ("legacy") refers to a named configuration in your database.yml file. In this case the conditional I have lets me have normal development and test connections to a single database, but in production, the "legacy" database connection will be used. If you always connected a particular model to a different database, you'd need only:

class AnotherDatabaseModel < ActiveRecord::Base
   establish_connection "another_database"
   # ...
end

If you have many models that live in another database, you can:

class SomeModel < AnotherDatabaseModel
   # I will inherit the connection
end

class OnceMoreModel < AnotherDatabaseModel
   # I will inherit the connection, too
end

-Rob

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com

Jazzy, why don't you use UTF8 encoding?