Module: SQLRecord::SanitizedQuery

Included in:
Base
Defined in:
lib/sql_record/sanitized_query.rb

Instance Method Summary

Instance Method Details

#find(params = {}) ⇒ Array

Executes the #query proc on your database, building SQLRecords with the results.

Parameters:

  • params (Hash) (defaults to: {})

    a hash of parameters that are yielded to the #query proc

Returns:

  • (Array)

    Bases with their raw_attributes set to the row results.



# File 'lib/sql_record/sanitized_query.rb', line 6

def find params={}
  rows = execute_query params

  rows.map do |row|
    new row
  end
end

#query {|params| ... } ⇒ Object

Note:

Do not try to sanitize identifiers; only values sanitize well. A placeholder is substituted as a value, so an identifier passed through one comes out as a quoted string:

["where id = ?", 1] => "where id = 1"
["where name = ?", "hello"] => "where name = 'hello'"
["ORDER BY ? ASC", "id"] => "ORDER BY 'id' ASC"  << not legitimate SQL

Specifies the query to execute

Yields:

  • the block that will be executed with each #find

Yield Parameters:

  • params (Hash)

    the parameters passed in from #find

Yield Returns:

  • (Array, String)

    Either the SQL string or a sanitize array to be executed.



# File 'lib/sql_record/sanitized_query.rb', line 23

def query &deferred
  @query_proc = deferred
end
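
The note on #query says placeholders only work for values. The following added example (not SQLRecord's own code) shows one way to write a query block that binds the value through the sanitize array and resolves the ORDER BY column and direction against a fixed allowlist. The table, columns, constants and the `allowlisted` and `render` helpers are assumptions made for illustration; `render` is a simplified stand-in for placeholder substitution, not the gem's sanitizer.

```ruby
# Added example: names below are hypothetical, not part of SQLRecord.
SORTABLE_COLUMNS = %w[id name created_at].freeze
SORT_DIRECTIONS  = %w[ASC DESC].freeze

# Resolve a caller-supplied identifier against a fixed allowlist.
# The returned string is one of our own literals, never the caller's input.
def allowlisted(value, allowed, default)
  wanted = value.to_s
  allowed.find { |candidate| candidate.casecmp?(wanted) } || default
end

# Same shape as a block given to #query: takes the params hash passed in
# from #find and returns a sanitize array. Only the value goes through "?".
USERS_BY_NAME = lambda do |params|
  column    = allowlisted(params[:order], SORTABLE_COLUMNS, "id")
  direction = allowlisted(params[:dir], SORT_DIRECTIONS, "ASC")
  ["SELECT * FROM users WHERE name = ? ORDER BY #{column} #{direction}",
   params[:name]]
end

# Simplified stand-in for placeholder substitution, used only to display the
# resulting SQL. In real code, rely on the database adapter's own quoting.
def render(sanitize_array)
  sql, *values = sanitize_array
  sql.gsub("?") do
    value = values.shift
    value.is_a?(Numeric) ? value.to_s : "'#{value.to_s.gsub("'", "''")}'"
  end
end
```

An `order` value that is not in `SORTABLE_COLUMNS` falls back to `id`, so caller input never reaches the identifier position of the statement.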