There is no parameter $1 ...Sending SQL statement to Rails for Postgresql, what am I doing wrong? -

- 

activerecord::base.connection.execute(           "with numberofdays            (select percent_change asset_histories            date < $1           , asset_symbol = $2           order date desc           limit $3)           select stddev_samp(percent_change) stdev numberofdays",           [day,symbol,daystolimit])

where day, symbol , daystolimit variables assigned before above code. assigned such:

day = '2013-03-25' symbol = 'aapl' daystolimit = 20

i don't want use #{variable} because of potential malicious intent. referenced in title, statement returning

pgerror error: there no parameter $1 line 1 ... date <$1 and...

using postgresql 9.2 , rails 3.2

edit adding alternative solution found here:

in addition mu short uses connection.method(:quote), couldn't find documentation on came across post quoting done such:

a = activerecord::base.connection a.execute(%q{select * table id = #{a.quote(variable)}...})

from fine (?) manual:

execute(sql, name = nil)

executes sql statement, returning pgresult object on success or raising pgerror exception otherwise.

note second parameter isn't binding parameters, name (afaik) logging purposes.

activerecord doesn't use bound parameters internally, quoting , escaping , builds big sql string database (cringe). can mimic behavior using quote method , string interpolation:

q = activerecord::base.connection.method(:quote) activerecord::base.connection.execute(%q{     numberofdays      (select percent_change asset_histories      date < #{q[day]}     , asset_symbol = #{q[symbol]}     order date desc     limit #{daystolimit})     select stddev_samp(percent_change) stdev numberofdays })

you'll have ensure daystolimit number on own (or quote , cast integer inside sql).

alternatively, connect database using raw pg interface , use real prepared statments.


Comments

Post a Comment

Popular posts from this blog

Hatching array of circles in AutoCAD using c# -

-
i beginner in autocad plugins .i have created array of circle using following code. now, have hatch circles in array .how that??how hatch circles @ once? moreover, how can return hatch method , use hatch objects.sorry language.thanks in advance. [assembly: commandclass(typeof(beamsection.class1))] namespace beamsection { public class class1 { //class1 obj = new class1(); [commandmethod("beamatsupport")] public void addlightweightpolyline() { // current document , database document acdoc = application.documentmanager.mdiactivedocument; database accurdb = acdoc.database; promptpointresult ppr = acdoc.editor.getpoint("\nselect starting point "); var ucs = acdoc.editor.currentusercoordinatesystem; point3d startingpt = ppr.value.transformby(ucs); list<double> radius = new list<double>(); radius.add(0.5);
Read more

ios - UITEXTFIELD InputView Uipicker not working in swift -

-
hello trying pop uipickerview view programmatically when user clicks on textfield. have tried doesn't doing anything. isn't working. nothing happening when click textfield class userprofiletableviewcontroller: uitableviewcontroller,uitextfielddelegate,uipickerviewdelegate,uipickerviewdatasource { var itempicker: uipickerview! = uipickerview() @iboutlet weak var gendertxtfield: uitextfield! var gender = ["male","female"] override func viewdidload() { super.viewdidload() gendertxtfield.delegate = self itempicker!.delegate = self itempicker!.datasource = self itempicker!.backgroundcolor = uicolor.blackcolor() self.gendertxtfield.inputview = itempicker } func numberofcomponentsinpickerview(pickerview: uipickerview) -> int{ return 1 } // returns # of rows in each component.. func pickerview(pickerview: uipickerview, numberofrowsincomponent component:
Read more

Python Pig Latin Translator -

-
so have been working on @ codecademy.com while trying learn python. don't know if blind , can't see why won't work or what. here's code won't let me use. function print variable if had typed in , print "empty" if didn't type anything. print "welcome english pig latin translator!" original = raw_input("what's name?") if len(original) > 0 print original else print "empty" if len(original) > 0 else the above lines contains syntax errors. try: if len(original) > 0: else: note added colons, ( : ).
Read more