[Rails-core] Re: Arel and a SafeBuffer?

2011-03-17 Thread Ernie Miller
On Mar 16, 6:15 pm, J Smith wrote:
> I know this sort of feature has the potential to be abused and lead to
> SQL injection attacks, so as a sanity check, I figured I'd check to
> see if this sort of feature would be useful or if I'm as crazy as I
> may potentially be for bringing it up.

I think i

Re: [Rails-core] Re: Arel and a SafeBuffer?

2011-03-17 Thread Ken Collins
I would agree to using Arel.sql too. I had a patch in recently that made sure that #limit would allow that value to be passed thru to Arel untouched. I think more relation methods should do this. Just recently I had a user on the sqlserver adapter list wanting to pass a complex sql literal to

Re: [Rails-core] Re: Arel and a SafeBuffer?

2011-03-17 Thread J Smith
On Thu, Mar 17, 2011 at 5:52 AM, Ernie Miller wrote:
>
> The Arel.sql factory method already enables the easy creation of
> SqlLiterals without monkeypatching String. Seems to me that this
> method doesn't really give us anything much more convenient than that,
> for the times when this sort of th
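The pattern the thread is circling (Ken's point that #limit should pass a literal through untouched, and Ernie's point that a factory method like Arel.sql makes raw SQL an explicit opt-in rather than a monkeypatch on String) can be shown without Arel itself. The following is an added, self-contained model written for this page, not Arel's or Rails' code: SqlLiteral, sql_literal and order_clause are stand-in names chosen here, and the attacker-controlled sort value is constructed for the example. The third function shows the caveat that applies to any SafeBuffer-style marker, SQL or HTML: it asserts trust, it does not sanitise.

```ruby
# Added example (not from the thread, not Arel's code): a pure-Ruby model of the
# "opt-in SQL literal" idea. SqlLiteral, sql_literal and order_clause are names
# chosen for this example only.

# Marker type: "this text is trusted SQL, pass it through". Like a SafeBuffer,
# the marker carries no sanitisation of its own.
class SqlLiteral < String
end

# Factory in the spirit of Arel.sql: the only way to obtain a SqlLiteral, so raw
# SQL in a query is always a visible decision at the call site.
def sql_literal(sql)
  SqlLiteral.new(sql)
end

# Quote an identifier (column name) the way a SQL adapter would: wrap it in
# double quotes and double any embedded quote so the value cannot close the
# identifier and start a new statement.
def quote_identifier(name)
  %("#{name.to_s.gsub('"', '""')}")
end

# Build an ORDER BY clause. Plain Strings and Symbols are treated as column
# names and quoted; SqlLiterals are passed through untouched, which is the
# pass-through behaviour the thread wants from #limit and #order.
def order_clause(*args)
  parts = args.map do |arg|
    case arg
    when SqlLiteral then arg.to_s          # must be tested before String
    when String, Symbol then quote_identifier(arg)
    else raise ArgumentError, "unsupported ORDER BY argument: #{arg.inspect}"
    end
  end
  "ORDER BY #{parts.join(', ')}"
end

# Constructed attacker-controlled input, e.g. a sort parameter from a request.
ATTACKER_SORT = 'name; DROP TABLE users; --'

# 1. Unmarked String: quoted as an identifier, so the payload is just an
#    (unknown) column name and never reaches the statement boundary.
def safe_example
  order_clause(ATTACKER_SORT)
end

# 2. Developer-written literal: passed through exactly as intended.
def literal_example
  order_clause(sql_literal('LOWER(name) ASC NULLS LAST'), :id)
end

# 3. The caveat: wrapping user input in the marker is the same mistake as
#    calling html_safe on user input. The injection goes straight through.
def misuse_example
  order_clause(sql_literal(ATTACKER_SORT))
end

if __FILE__ == $PROGRAM_NAME
  puts safe_example
  puts literal_example
  puts misuse_example
end
```

The design point is that the marker type, not the relation method, is the unit of trust: a relation method can pass a SqlLiteral through without inspecting it precisely because obtaining one requires calling the factory, and code review can grep for that call. Anything that reaches `sql_literal` from request parameters should be treated as an injection until proven otherwise.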

Re: [Rails-core] Re: Arel and a SafeBuffer?

2011-03-17 Thread Aaron Patterson
On Thu, Mar 17, 2011 at 01:05:42PM -0400, J Smith wrote:
> On Thu, Mar 17, 2011 at 5:52 AM, Ernie Miller wrote:
> >
> > The Arel.sql factory method already enables the easy creation of
> > SqlLiterals without monkeypatching String. Seems to me that this
> > method doesn't really give us anything m

Re: [Rails-core] Re: Arel and a SafeBuffer?

2011-03-17 Thread Ken Collins
And please post a followup here. I'll contribute a patch too for #order if that does not already.

- Ken

On Mar 17, 2011, at 4:24 PM, Aaron Patterson wrote:
>> How would I use Arel.sql relative to the example from earlier, i.e.
>> from the ActiveRecord attributes standpoint? This still seems t