sql_filter
sql_filter helps you build SQL conditions from parameters and avoids SQL injection.
INSTALL:
coming soon
EXAMPLE:
Options for attributes
* value => fixed value or array of allowed values
* operator => fixed operator or list of allowed operators [default: =]
* default_operator => operator, or the first element of the operator list
* ignore_blank => Boolean [default: true]
* escape => Boolean [default: true]
Simple
  class MyFilter < SqlFilter
    attributes :foo
  end

  filter = MyFilter.new(:foo => 'bar')
  # SQL fragment with a placeholder, followed by the bound value
  filter.to_a == ["1 AND (`foo` = ?)", 'bar']
With default
  class MyFilter < SqlFilter
    attributes :name, :default => 'any', :operator => :like
  end

  filter = MyFilter.new(:name => 'bar')
  # the LIKE operator wraps the bound value in wildcards
  filter.to_a == ["1 AND (`name` LIKE ?)", '%bar%']
Custom method
  class MyFilter < SqlFilter
    attributes :name

    # custom condition for :name; the value still goes through a placeholder
    def name_to_sql
      ["foreign_id IN (SELECT id FROM foreigns WHERE name LIKE ?)", name]
    end
  end

  filter = MyFilter.new(:name => 'bar')
  filter.to_a == ["1 AND (foreign_id IN (SELECT id FROM foreigns WHERE name LIKE ?))", "bar"]
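The pattern behind the options above, as an added stand-alone sketch (not sql_filter's own code): values are always bound through placeholders, while operators, which cannot be bound, are matched against an allow-list. The ConditionBuilder class and the "<column>_operator" parameter name are hypothetical.

```ruby
# Added illustration, not sql_filter's code: a hypothetical ConditionBuilder
# showing the allow-list + placeholder pattern behind the options above.
class ConditionBuilder
  # Operator tokens callers may name, mapped to the SQL actually emitted.
  OPERATORS = { "=" => "=", "like" => "LIKE", ">" => ">", "<" => "<" }.freeze

  # columns: { "name" => ["=", "like"] } maps each column to the operators
  # allowed for it; the first entry is the default operator.
  def initialize(columns)
    @columns = columns
  end

  # params: untrusted input, e.g. { "name" => "bar", "name_operator" => "like" }
  # Returns [sql_fragment, *bind_values], the same shape as filter.to_a above.
  def to_a(params)
    sql = ["1"]
    binds = []
    @columns.each do |column, allowed|
      value = params[column].to_s
      next if value.strip.empty? # same idea as ignore_blank

      requested = params.fetch("#{column}_operator", allowed.first).to_s.downcase
      # Operators cannot be bound as parameters, so the requested one is
      # checked against the allow-list; anything else falls back to the default.
      op = allowed.include?(requested) ? requested : allowed.first
      value = "%#{value}%" if op == "like"
      # The column name comes from our own configuration, never from params.
      sql << "(`#{column}` #{OPERATORS.fetch(op)} ?)"
      binds << value
    end
    [sql.join(" AND "), *binds]
  end
end
```

The returned array is meant to be handed to a database driver that binds the values to the ? placeholders; the builder never interpolates them into the SQL string.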
Copyright © 2009 Julian K., released under the MIT license