SQL search

Obviously, you'd have to try it yourself, but:

match_part = sanitize_sql(['MATCH(title, body) AGAINST(?)', keyword])
Article.find(:all, :select => "*, #{match_part} AS score",
              :conditions => match_part, :order => 'score DESC')

I'm guessing that the $keyword is from Perl, but I've assumed that you have a local variable called keyword. Look closely at whether the conditions end up correct or if things get double-escaped in the final SQL.

-Rob

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com

How I write it in rails format? Articles.find( ???)

SELECT *, MATCH(title, body) AGAINST('$keyword') AS score FROM
articles
WHERE MATCH(title, body) AGAINST('$keyword') ORDER BY score DESC

Obviously, you'd have to try it yourself, but:

match_part =

self.class.

sanitize_sql(['MATCH(title, body) AGAINST(?)', keyword])
Article.find(:all, :select => "*, #{match_part} AS score",
             :conditions => match_part, :order => 'score DESC')

I'm guessing that the $keyword is from Perl, but I've assumed that you
have a local variable called keyword. Look closely at whether the
conditions end up correct or if things get double-escaped in the final
SQL.

-Rob

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com

Sorry, if you look at the docs, sanitize_sql is a protected class method of ActiveRecord::Base

-Rob

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com

Rob Biedenharn wrote:

It's not a protected "class", it's a protected method in the class ActiveRecord::Base which your Article class is a sub-class. If you don't like the form of the call, make your own class method like this:

class Article
   def self.keyword_find(keyword)
     match_part = sanitize_sql(['MATCH(title, body) AGAINST(?)', keyword])
     find(:all, :select => "*, #{match_part} AS score",
          :conditions => match_part, :order => 'score DESC')
   end
end

Then just call "normally":

good_articles = Article.keyword_find('chocolate')

Does that make you happier? There's nothing wrong with using sanitize_sql, you just need to call it from the Article class rather than 'directly'.

-Rob

Rob Biedenharn http://agileconsultingllc.com
Rob@AgileConsultingLLC.com