27 Apr '14, 7pm

'Using Arel to build complex SQL expressions (postgresql pg_trgm)' #ruby #orm #ar

I write and maintain a gem called pg_search that makes it easy to build Active Record scopes that take advantage of PostgreSQL’s built-in full-text search functionality. Part of generating these scopes involves taking user input (which comes in as Ruby strings) and comparing it against columns in database tables to see which records match.

Escaping strings

Here’s a (simplified) example query that uses the trigram operator, %, to do a fuzzy text match.

    SELECT * FROM "blog_posts" WHERE content % 'foo';

A naïve way to write this in Active Record would be:

    BlogPost.where("content % '#{query}'")

This is, of course, a bad way to write this query, because it would be trivial for a user to supply a query string that does something destructive.

    query = "'; DELETE FROM blog_posts; SELECT '1"
    BlogPost.where("content % '#{query}'")

This query breaks out of the quotes and generates ...

Full article: http://pivotallabs.com/using-arel-to-build-complex-sql-ex...

Tweets

What's going on with this version number

rubygems.org 06 May '14, 4pm

Arel is a SQL AST manager for Ruby. It 1. Simplifies the generation of complex SQL queries 2. Adapts to various RDBMSes It...

Good guy @pivotallabs

pivotallabs.com 28 Apr '14, 1am

Tracker is the award-winning agile project management tool that enables real-time collaboration around a shared, prioritiz...

3 #Google Analytics reports that you should be using now!

titan-seo.com 27 Apr '14, 5pm

Google Analytics is a robust tool that helps to track activity and conversions on your website, plus it's free! But with s...

Arkhash is the winner of this voting period. #A...

bitcointalk.org 27 Apr '14, 9pm

Quote from: cryptohunter on March 16, 2014, 04:56:47 PM exactly - bobs back yard without an open source is not going to be...

Castlewood Group – Build It, And They Will Come And Invest.

youngupstarts.com 29 Apr '14, 3am

Thailand’s resort island of Phuket is well known for its lush tropical beaches and luxury resorts that attract a large num...

How to Build a Backyard Pond for Wildlife: #sav...

nwf.org 27 Apr '14, 3am

Backyard ponds are easy-to-create water features that add wonderful diversity to your yard and provide endless hours of enterta...

Looking for a styleguide generator. hologram lo...

pivotallabs.com 04 May '14, 3am

Styleguides are handy because they document conventions for projects, making communication easier across the team whether ...

Re:Design:UX conf @jonathanpberger @cwodtke @ra...

pivotallabs.com 01 May '14, 6pm

Jonathan Berger is a designer, developer and technologist who has been active in the NYC technology scene since around 200...

Inside SEER: Using Custom Search Engines for SEO #SEO #Marketing

seerinteractive.com 29 Apr '14, 2pm

This is a post from our “Inside SEER” series where we’ll be sharing with you, almost verbatim, what we share with each oth...

I wrote a thing:

pivotallabs.com 06 May '14, 1pm

Recently the question was asked: “How much access does Pivotal Labs give their clients?” The most important aspect of work...

Call for expressions of interest for SBE 16 eve...

iisbe.org 27 Apr '14, 3pm

As part of the on-going SBE Conference series, CIB, iiSBE, UNEP-SBCI and FIDIC, invite non-binding Expression of Interest ...

Rails is omakase; so is AngularJS via @pivotallabs

pivotallabs.com 28 Apr '14, 3am

DHH, one of the creators of Rails, wrote a seminal blog post about Rails’ configurability and design to permit choice, whil...

Build Your Own Wind Turbine #green

jetsongreen.com 27 Apr '14, 3am

Daniel Connell, the creator of the SolarFlower has released another very useful DIY tutorial. This one is for building a w...