开发者

How to preserve quotes in a Rails form submission?

开发者 https://www.devze.com 2023-01-06 21:21 出处:网络
How does one preserve the original quotes?The quotes are required when submitting a quoted search string, for example.

How does one preserve the original quotes? The quotes are required when submitting a quoted search string, for example.

  • Search form example1: ruby "new york"
  • Search from example2: "new york"

Resulting params[:q]:

  • for example1: "ruby \"new york\""
  • for example2: "new york"

Note that Rails throws away quotes if the entire strin开发者_StackOverflow中文版g is quoted, as in example2. But in example1, the quotes are preserved since they are interspersed within the string. I need example2 to preserve the quotes so I see params[:q] as "\"new york\"".


Are you talking about sql injectioning you want to search using "test me" and not "\"test me"\".

Use following to search

@users = User.find(:all, :conditions=>["(username like :text)",{:text=>"%#{params[:search_text]}%"}]) 


This was a Rails bug that has long since been fixed.

0

精彩评论

暂无评论...
验证码 换一张
取 消