
Replace example with SQL placeholder syntax.

This works just fine, is less code, and reduces the risk of someone implementing a SQL injection vulnerability.
commit 1ffd5ec91069167043c8ecd0d949098f566d88eb 1 parent 979f3f8
Joost Baaij authored November 08, 2011
2  railties/guides/source/association_basics.textile
@@ -1234,7 +1234,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
1234 1234
 <ruby>
1235 1235
 class Customer < ActiveRecord::Base
1236 1236
   has_many :latest_orders, :class_name => "Order",
1237  
-    :conditions => proc { "orders.created_at > #{10.hours.ago.to_s(:db).inspect}" }
  1237
+    :conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
1238 1238
 end
1239 1239
 </ruby>
1240 1240
 
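Review bot: the added `:conditions` line at new line 1237 is missing the closing double quote after `?`, so the string literal never terminates before `, 10.hours.ago]` and the guide example will not parse. It should read `:conditions => proc { ["orders.created_at > ?", 10.hours.ago] }`. The move to the array/placeholder form is sound, since the value is then bound rather than interpolated into the SQL string, and the removed line's `.to_s(:db).inspect` quoting is no longer needed. The surrounding guide text could also say in one sentence why the placeholder form is preferred, so readers copy the pattern for values that do come from user input.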
