Hi All,
I am not aware of how many times this question might have popped up and
how many would have answered, but googling for this did not satisfy me.
The issue that I am facing in one of my Rails applications is that I am
entering data into a different database. I am using the following
connection.insert method of ActiveRecord::Base:
    model_name.connection.insert("INSERT INTO another_database.some_table (columns) VALUES ()")
This works fine till the point that no special characters are used. If
the user tries to insert a ' (single quote) or a " (double quote),
the insert fails.
I brushed through the API and found that they use the protected class
method of 'sanitize_sql_array' etc.
One possible way is to do a gsub and replace the ' with /' but I wanted
to know if there is any method in Ruby or Rails that could sanitize the
text before entering it into the database.
You'll be a lot easier off if you create a model configured to use
that other database connection. If that is truly impossible,
connection.quote should help you.
sanitize_sql etc... are protected methods, but that means it's fine to
call them from a descendant of ActiveRecord (and I really hope you
haven't got that in a controller)
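To illustrate the connection.quote suggestion above (an added example, not code from the original thread): the same INSERT built by pasting values in and by passing each one through the connection's quoting, with a scanner that shows which string literals a database would actually read. StandInConnection, the helper names and the sample columns are hypothetical; the stand-in applies standard-SQL doubling of ' so the block runs without Rails, whereas a real adapter's quote (for example MySQL's) also handles backslashes.

```ruby
# Constructed stand-in so this runs without Rails or a database.
# In an application, pass model_name.connection instead.
class StandInConnection
  # Simplified value quoting: nil -> NULL, numbers bare, strings with ' doubled.
  def quote(value)
    case value
    when nil     then "NULL"
    when Numeric then value.to_s
    else "'" + value.to_s.gsub("'", "''") + "'"
    end
  end

  # Identifier quoting: wrap in double quotes, doubling any embedded ones.
  def quote_column_name(name)
    '"' + name.to_s.gsub('"', '""') + '"'
  end
end

# Constructed sample row containing both kinds of quote character.
SAMPLE_ROW = { name: "O'Reilly", note: 'say "hi"', qty: 3 }
TABLE = "another_database.some_table"

# What the question does: user text pasted straight into the statement.
def naive_insert(table, attrs)
  vals = attrs.values.map { |v| "'#{v}'" }.join(", ")
  "INSERT INTO #{table} (#{attrs.keys.join(', ')}) VALUES (#{vals})"
end

# Same statement with every column name and value quoted by the connection.
def quoted_insert(conn, table, attrs)
  cols = attrs.keys.map { |c| conn.quote_column_name(c) }.join(", ")
  vals = attrs.values.map { |v| conn.quote(v) }.join(", ")
  "INSERT INTO #{table} (#{cols}) VALUES (#{vals})"
end

# Decode the string literals a standard-SQL parser would see in the
# statement ('' inside a literal stands for one ').
def string_literals(sql)
  sql.scan(/'((?:[^']|'')*)'/).map { |(s)| s.gsub("''", "'") }
end

if __FILE__ == $0
  conn = StandInConnection.new
  [naive_insert(TABLE, SAMPLE_ROW), quoted_insert(conn, TABLE, SAMPLE_ROW)].each do |sql|
    puts sql
    puts "  literals seen: #{string_literals(sql).inspect}"
  end
end
```

With quoting, the literals read back are exactly the submitted strings; without it, the first ' in the user's text closes the literal early, which is both why the insert fails and why unquoted interpolation is an SQL injection risk.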
> You'll be a lot easier off if you create a model configured to use
> that other database connection.
That is a good option. But I am new to Rails and getting confused with
the establish_connection of ActiveRecord::Base.
It would be great if you could give me an example of how to use it, since
I am confused about where to use it: in the controller or the model.
It is in the Model. Here's an example:
    class LegacyModel < ActiveRecord::Base
      # Use the "legacy" connection only in production, and only if it is configured
      establish_connection "legacy" if
        RAILS_ENV == 'production' && configurations.has_key?('legacy')
      # ...
    end
The argument ("legacy") refers to a named configuration in your database.yml file. In this case the conditional I have lets me have normal development and test connections to a single database, but in production, the "legacy" database connection will be used. If you always connected a particular model to a different database, you'd need only:
    class AnotherDatabaseModel < ActiveRecord::Base
      establish_connection "another_database"
      # ...
    end
If you have many models that live in another database, you can:
    class SomeModel < AnotherDatabaseModel
      # I will inherit the connection
    end

    class OnceMoreModel < AnotherDatabaseModel
      # I will inherit the connection, too
    end