This project is archived and is in readonly mode.

#12 ✓invalid
Dan Barry

Bounded params in find(...:from)

Reported by Dan Barry | April 16th, 2008 @ 07:42 PM

Add the ability to pass in bounded parameters in the :from part of a find call. This is useful for selecting from a db function or stored procedure which needs parameters from input which is possibly tainted.

http://github.com/danbarry/rails...

Comments and changes to this ticket

  • Dan Barry

    Dan Barry April 17th, 2008 @ 04:04 PM

    My tests look worse and worse every time I see them, but I can't think of a way to make them clearer without writing (and testing in every supported db) a db function that simply returns all of the rows from a table. Should I do that or can anyone think of a better way to test this?

  • John Barnette

    John Barnette April 22nd, 2008 @ 08:25 AM

    • Title changed from “[PATCH] bounded params in find(...:from)” to “Bounded params in find(...:from)”
  • Dan Barry

    Dan Barry May 1st, 2008 @ 05:06 PM

    Oops, I deleted my github fork while I still had an outstanding patch. Ignore the link in my comment and instead scroll down to the link to the patch on the bottom right.

  • Kyle Hargraves

    Kyle Hargraves May 1st, 2008 @ 05:20 PM

    +1, tests pass, and I've been using this in production for a while. It makes it much cleaner to call database functions from within AR without having to go through find_by_sql.

  • Pratik

    Pratik May 11th, 2008 @ 11:20 PM

    • State changed from “new” to “invalid”

    The patch doesn't apply cleanly anymire.

    I think it'll be a good idea to discuss this patch/feature in the core mailing list.

    Thanks.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Attachments

Referenced by

Pages