How to run raw SQL queries with Sequel

sql ruby sequel
veccy picture veccy · Jun 29, 2010 · Viewed 12.4k times · Source

I am not clear yet on the proper way to run raw SQL queries with Sequel.

Currently I am trying this:

DB.fetch("SELECT * FROM zone WHERE dialcode = '#{@dialcode}' LIMIT 1") do |row|
 @zonename = row
end

How can I can run the queries as raw SQL then access the results like normal?

if @zonename.name = "UK"

Answer

Jeremy Evans picture Jeremy Evans · Aug 17, 2012

Note that instead of:

DB.fetch("SELECT * FROM zone WHERE dialcode = '#{@dialcode}' LIMIT 1")

you should do:

DB.fetch("SELECT * FROM zone WHERE dialcode = ? LIMIT 1", @dialcode)

Otherwise, you open yourself to SQL injection if you don't control the contents of @dialcode.

Related questions

How to round an average to 2 decimal places in PostgreSQL?

I am using PostgreSQL via the Ruby gem 'sequel'. I'm trying to round to two decimal places. Here's my code: SELECT ROUND(AVG(some_column),2) FROM table I get the following error: PG::Error: ERROR: function round(double precision, integer) …

Read More
Rails 4 LIKE query - ActiveRecord adds quotes

I am trying to do a like query like so def self.search(search, page = 1 ) paginate :per_page => 5, :page => page, :conditions => ["name LIKE '%?%' OR postal_code like '%?%'", search, search], order => 'name' end …

Read More
Exporting data from SQL Server Express to CSV (need quoting and escaping)

I've spent 2 days trying to export a 75,000 row table containing a large text field of user input data from a SQL server installation. This data contains every plain ascii character, tabs, and newlines. I need to export CSV where every …

Read More