sql_filter

sql_filter helps you build SQL conditions from parameters and avoid SQL injection.

INSTALL:

coming soon

EXAMPLE:

Options for attributes

* value => fixed value or array of allowed values
* operator => fixed operator or list of allowed operators [default: =]
* default_operator => operator or first element of operator
* ignore_blank => Boolean [default: true]
* escape => Boolean [default: true]

Simple

class MyFilter < SqlFilter
  attributes :foo
end

filter = MyFilter.new(:foo => 'bar')
filter.to_a == ["1 AND (`foo` = ?)",'bar']

With default

class MyFilter < SqlFilter
  attributes :name, :default => 'any', :operator => :like
end

filter = MyFilter.new(:name => 'bar')
filter.to_a == ["1 AND (`name` LIKE ?)",'%bar%']

Custom method

class MyFilter < SqlFilter
  attributes :name

  # Custom condition for :name; the value is still passed as a bind parameter.
  def name_to_sql
    ["foreign_id IN (SELECT id FROM foreigns WHERE name LIKE ?)",name]
  end

end

filter = MyFilter.new(:name => 'bar')
filter.to_a == ["1 AND (foreign_id IN (SELECT id FROM foreigns WHERE name LIKE ?))","bar"]
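
How the attribute options (value allowlist, operator allowlist, ignore_blank) keep request data out of the SQL text, as an added stand-alone sketch. This is not sql_filter's own code: OPERATORS, SPEC, build_conditions and the "<attr>_operator" request parameter are names assumed for the example.

```ruby
# Added sketch, not sql_filter's implementation. All names here are assumptions.
OPERATORS = { :eq => '=', :like => 'LIKE', :gt => '>' }.freeze

SPEC = {
  :name   => { :operator => [:like, :eq] },   # first entry is the default operator
  :status => { :value => %w[open closed] },   # only these values are accepted
  :age    => { :operator => :gt }             # fixed operator
}.freeze

def build_conditions(spec, params)
  sql = ['1']
  binds = []
  spec.each do |attr, opts|
    value = params[attr]
    next if value.nil?
    next if opts.fetch(:ignore_blank, true) && value.to_s.strip.empty?

    # Value allowlist: anything outside the list is rejected, never quoted in.
    allowed_values = opts[:value] && Array(opts[:value])
    if allowed_values && !allowed_values.include?(value)
      raise ArgumentError, "value not allowed for #{attr}"
    end

    # Operator allowlist: the request may choose an operator, but only one
    # declared in the spec; the SQL token always comes from OPERATORS.
    allowed_ops = Array(opts.fetch(:operator, :eq))
    requested = params[:"#{attr}_operator"]
    op = requested.nil? ? allowed_ops.first : allowed_ops.find { |o| o.to_s == requested.to_s }
    raise ArgumentError, "operator not allowed for #{attr}" if op.nil?

    # The column name comes from the spec key, the value goes into a bind slot.
    sql << "(`#{attr}` #{OPERATORS.fetch(op)} ?)"
    binds << (op == :like ? "%#{value}%" : value)
  end
  [sql.join(' AND '), *binds]
end

if __FILE__ == $0
  # Constructed request parameters; the quote characters stay inside the bind value.
  p build_conditions(SPEC, :name => "x' OR '1'='1", :status => 'open', :age => '')
end
```
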

Copyright © 2009 Julian K., released under the MIT license