I'm guessing that the $keyword is from Perl, but I've assumed that you have a local variable called keyword. Look closely at whether the conditions end up correct or if things get double-escaped in the final SQL.
It's not a protected "class", it's a protected method in the class ActiveRecord::Base, of which your Article class is a sub-class. If you don't like the form of the call, make your own class method like this:
  class Article < ActiveRecord::Base
    def self.keyword_find(keyword)
      # sanitize_sql is callable here because we are inside the model class
      match_part = sanitize_sql(['MATCH(title, body) AGAINST(?)', keyword])
      find(:all, :select => "*, #{match_part} AS score",
           :conditions => match_part, :order => 'score DESC')
    end
  end
Then just call "normally":
  good_articles = Article.keyword_find('chocolate')
Does that make you happier? There's nothing wrong with using sanitize_sql, you just need to call it from the Article class rather than 'directly'.
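To see concretely what the sanitize_sql call in the reply buys you, here is an added example (not from the thread and not ActiveRecord's own code) that re-implements the ?-placeholder substitution and single-quote escaping in a small MiniSanitize module, so the keyword_find pattern can be run without Rails or a database. The module name, the articles table name and the unsafe_match_clause/safe_match_clause/keyword_find_sql helpers are all assumptions for illustration; the real sanitize_sql also handles other Ruby types and adapter-specific quoting.

```ruby
# Added example, not code from the original post or from Rails: a minimal
# stand-in for ActiveRecord's sanitize_sql(array) so the keyword_find
# pattern from the thread can be exercised offline.
module MiniSanitize
  # Quote a Ruby value as a SQL literal. Strings get single quotes, with each
  # embedded single quote doubled (the standard SQL escape) and each
  # backslash doubled (MySQL treats backslash as an escape character).
  def self.quote(value)
    case value
    when nil     then 'NULL'
    when Integer then value.to_s
    when String
      escaped = value.gsub('\\') { '\\\\' }.gsub("'") { "''" }
      "'#{escaped}'"
    else
      raise ArgumentError, "unsupported bind value: #{value.inspect}"
    end
  end

  # Replace each ? in the template with the quoted next value, in order,
  # the way sanitize_sql(['... ?', v]) does. Raises if the counts differ,
  # which is the check that catches a template/value mismatch early.
  def self.sanitize_sql(array)
    template, *values = array
    expected = template.count('?')
    unless expected == values.size
      raise ArgumentError,
            "wrong number of bind variables (#{values.size} for #{expected})"
    end
    template.gsub('?') { quote(values.shift) }
  end
end

# The pattern the reply steers away from: building the MATCH ... AGAINST
# clause by string interpolation, so a quote in the keyword ends the literal.
def unsafe_match_clause(keyword)
  "MATCH(title, body) AGAINST('#{keyword}')"
end

# The pattern from the reply: bind the keyword through sanitize_sql.
def safe_match_clause(keyword)
  MiniSanitize.sanitize_sql(['MATCH(title, body) AGAINST(?)', keyword])
end

# Assemble the full statement keyword_find would hand to the adapter
# (table name "articles" assumed). The same quoted clause is used twice,
# once in the select list and once in the WHERE, exactly as in the post,
# and it is escaped once, not twice.
def keyword_find_sql(keyword)
  match_part = safe_match_clause(keyword)
  "SELECT *, #{match_part} AS score FROM articles " \
    "WHERE #{match_part} ORDER BY score DESC"
end

if __FILE__ == $PROGRAM_NAME
  puts keyword_find_sql('chocolate')
  puts unsafe_match_clause("o'brien")
  puts safe_match_clause("o'brien")
end
```

Running the file prints the full statement for 'chocolate', then the two clauses for a keyword containing an apostrophe: the interpolated version has the quote dangling inside the literal, while the sanitized version carries it as a doubled quote that the database reads back as a single apostrophe.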