I'm trying to do a query like this:

Widget.find(:all, :conditions => ["name like %awesome%"])

However, I'm getting a "malformed format string" exception from sanitize_sql, specifying the "%" as the problem.

How can I perform this query?

A: 

Try

Widget.find(:all, :conditions => ["name like '%awesome%'"])

Just added single quotes around the string %awesome%

Edit: Ok, that doesn't actually work. The sql sanitizer is doing something screwy with the %s.

This will work.

Widget.find(:all, :conditions => ["name like ?","%awesome%"])

As per John Topley's answer you can make the string a variable if that is what you really need.

One tip I find useful when running into SQL errors is checking the development.log - that will list all the queries that are actually running against the database. Assuming you have basic knowledge of SQL it is often useful to debug them directly in a console, rather than making stabs at the ActiveRecord level (although I think in your case the code was barfing before it got to that stage)

DanSingerman
Adding single quotes doesn't seem to help :-(
kdt
@jcs - what is reported as the SQL statement in the log?
DanSingerman
+6  A: 

Try this syntax:

term = "awesome"
Widget.all(:conditions => ["name LIKE ?", "%#{term}%"])
John Topley
Thank you, that works perfectly. If you happen to have an explanation as to why the version I was trying wasn't working properly then that would be appreciated.
kdt
Rails doesn't parse the SQL in the condition, i.e. your percent symbols. You have to pass the parameter into the condition.
John Topley
When you use the syntax above that John suggested, Rails is able to sanitize the input by escaping characters so that users can't do an SQL injection attack. In this process, it surrounds the input with quotes. This is the method you should use to avoid potential problems :-)
Topher Fangio
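The difference Topher Fangio describes, as an added example that is not code from the original question or answers: a plain-Ruby stand-in for what ActiveRecord's "?" binding does, so it runs without Rails. The helper names (format_fallback_raises?, quote_literal, bind_conditions, escape_like, like_condition, interpolated_condition) are this example's own, not Rails' API. It also shows where the original error came from: ActiveRecord of that era applied Ruby's String#% to the statement when no bind variables were given, which is why "%awesome%" was read as a format directive (quoting it in the SQL changes nothing, because the formatting happens before the database sees the string). Finally it covers a caveat the thread does not mention: "%" and "_" are LIKE wildcards, so a term that comes from a user should have them escaped, which is what Rails 4.2 and later provide as sanitize_sql_like.

```ruby
# Added example, not from the original thread. A minimal stand-in for
# ActiveRecord's "?" bind substitution, written without Rails so it runs
# offline. All method names here are this example's own.

# Why the original query failed: with no "?" in the statement, old
# ActiveRecord fell back to Ruby's String#% formatting, so "%awesome%"
# was parsed as format directives. The exact message depends on the Ruby
# version ("malformed format string" on 1.8, "too few arguments" later),
# but it is always an ArgumentError.
def format_fallback_raises?(statement)
  statement % []
  false
rescue ArgumentError
  true
end

# Quote a value as a SQL string literal by doubling single quotes.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each "?" with the quoted next value. The value never touches the
# statement text unquoted, so a quote in the value cannot close the literal.
def bind_conditions(statement, *values)
  expected = statement.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind variables (#{values.size} for #{expected})"
  end
  vals = values.dup
  statement.gsub("?") { quote_literal(vals.shift) }
end

# LIKE has its own metacharacters. Escape them so user input matches
# literally instead of acting as a wildcard (what sanitize_sql_like does
# in Rails 4.2+; the escape character defaults to a backslash there too).
def escape_like(term, escape = "\\")
  term.gsub(/[\\%_]/) { |c| escape + c }
end

# Hardened form: escape LIKE wildcards, add our own wildcards, then bind.
def like_condition(term)
  bind_conditions("name LIKE ?", "%#{escape_like(term)}%")
end

# Unsafe form for comparison: raw interpolation lets a quote in the term
# close the literal and append arbitrary SQL.
def interpolated_condition(term)
  "name LIKE '%#{term}%'"
end

if __FILE__ == $0
  puts format_fallback_raises?("name like %awesome%")   # true
  puts like_condition("awesome")                        # name LIKE '%awesome%'
  puts like_condition("x' OR '1'='1")                   # quotes doubled, stays one literal
  puts interpolated_condition("x' OR '1'='1")           # literal closed, SQL appended
  puts like_condition("50%_off")                        # wildcards escaped
end
```

Whether the backslash is honoured as the LIKE escape character without an explicit ESCAPE clause depends on the database (PostgreSQL and MySQL default to it, SQLite needs ESCAPE), so check your adapter before relying on escape_like alone.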
A: 

Your solution doesn't work because you don't have quotes around %awesome%.

Mike H