Topic: Rails LIKE condition
Hi there, I'm having a problem trying to create a query with multiple "like" conditions. The code looks like this...
@search = []
@like = []
@words = params[:qsearch].split(" ")
@words.each do |p|
  @like << "tags LIKE ?"
  # Escape the LIKE wildcards so a literal '%' or '_' in the input matches itself
  @search << "%" + p.gsub(/[\\%_]/) { |c| "\\" + c } + "%"
end
# Join the conditions with an operator (AND is assumed here) and splat the bind
# array so each ? receives one value rather than the whole array
@search = Pagina.where(@like.join(" AND "), *@search).page(params[:page]).per(20)

It's supposed to be sanitized using "tags LIKE ?", @var, but when the param is ' OR "1"="1" -- # the query fails because it closes the query with the single quote or double quote. How am I supposed to use the LIKE condition?
Last edited by robzdc (2012-10-08 12:31:05)
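An added example (not the poster's code) that builds the arguments for ActiveRecord's where() from a free-text search: one "tags LIKE ?" placeholder per word, the words passed only as bind values, and the LIKE wildcards escaped. It is plain Ruby so it runs without Rails; the AND operator, the 10-term cap and the backslash escape (the default LIKE escape in MySQL and PostgreSQL) are assumptions.

```ruby
# Escape the LIKE metacharacters (and the escape char itself) so user input
# matches literally. Rails >= 4.2 ships sanitize_sql_like for the same job.
def escape_like(term)
  term.gsub(/[\\%_]/) { |c| "\\" + c }
end

# Returns [sql_fragment, bind1, bind2, ...], ready to splat into where().
# Quote characters in the words never reach the SQL text: they stay inside
# the bind values, which the database adapter quotes on its own.
# Returns nil when the search string holds no words (assumed behaviour).
def tags_like_conditions(qsearch, op: "AND", max_terms: 10)
  words = qsearch.to_s.split.first(max_terms)   # whitespace split, capped
  return nil if words.empty?
  sql   = Array.new(words.size, "tags LIKE ?").join(" #{op} ")
  binds = words.map { |w| "%#{escape_like(w)}%" }
  [sql, *binds]
end

# Usage in the controller (Pagina is the model from the post):
#   args = tags_like_conditions(params[:qsearch])
#   @search = Pagina.where(*args).page(params[:page]).per(20) if args
#
# A constructed input like %q{' OR "1"="1" -- #} becomes five placeholders
# with binds ["%'%", "%OR%", "%\"1\"=\"1\"%", "%--%", "%#%"]: the quotes
# are data, so the statement cannot be closed early.
```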