A couple of things:
1) You want to make sure you protect against SLQ injection, so do not
pass the variables without escaping them. Rails does this for you when
it substitutes the ? in the find method.
2) You can use the code below to do what you want.
Hope that helps,
Alberto.
==========================
def self.search(params={})
conditions = []
condition_values = []
unless params[:name].blank?
conditions << "name like ?"
condition_values << "%#{params[:name]}%"
end
unless params[:place].blank?
conditions << "place like ?"
condition_values << "%#{params[:place]}%"
end
unless conditions.blank?
self.find(:all, :conditions => [conditions.join(" AND "),
*condition_values], :limit => 100)
else
[]
end
end
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
