A couple of things: 1) You want to make sure you protect against SLQ injection, so do not pass the variables without escaping them. Rails does this for you when it substitutes the ? in the find method.
2) You can use the code below to do what you want. Hope that helps, Alberto. ========================== def self.search(params={}) conditions = [] condition_values = [] unless params[:name].blank? conditions << "name like ?" condition_values << "%#{params[:name]}%" end unless params[:place].blank? conditions << "place like ?" condition_values << "%#{params[:place]}%" end unless conditions.blank? self.find(:all, :conditions => [conditions.join(" AND "), *condition_values], :limit => 100) else [] end end --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---