apotonick / apotomo

MVC Components for Rails.
http://apotomo.de

SQL injection security hole in the documentation example code #31

Open cie opened 13 years ago

cie commented 13 years ago

Hi,

Sorry for the hair-splitting, I know that it's just an example, but just in case someone copies it, would you consider changing `items = Tweet.find(:all, :conditions => "text LIKE '%#{param(:term)}%'")` to something like `items = Tweet.find(:all, :conditions => ["text LIKE '%' || ? || '%'", param(:term)])` or maybe `items = Tweet.where("text LIKE ?", "%#{param(:term)}%")` on http://apotomo.de/peters-guide-1.1/autocomplete.html in line 9 of app/cells/quick_search.rb, because it's a security hole.

Cheers, Bernát

p.s. Apotomo is awesome. It solved nearly all problems I currently had with Rails. Many thanks :)
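To make the difference between the two query-building styles concrete, here is an added example. It is not code from Apotomo, from the guide, or from this issue's author, and it does not use ActiveRecord: `quote_literal` and `bind_sql` are a minimal stand-in for what ActiveRecord's `:conditions => [sql, *binds]` / `where(sql, *binds)` do (standard SQL `''` escaping, as SQLite and PostgreSQL use), so it runs without a database. The attack term is constructed for the demonstration; `sql_outside_literals` is a small scanner, not a real SQL parser, that shows which characters end up outside string literals and therefore become SQL syntax.

```ruby
# Added example, not Apotomo or ActiveRecord code. It reconstructs the vulnerable
# condition from the guide and a bind-parameter version, then checks whether an
# attacker-controlled term can break out of the string literal.

# The pattern the guide showed: the user-controlled term is interpolated
# straight into the SQL string (the "before" of the fix, kept deliberately).
def vulnerable_conditions(term)
  "text LIKE '%#{term}%'"
end

# Quote a Ruby value as a SQL string literal by doubling single quotes.
# Hypothetical stand-in for the adapter's quote method; same escaping rule
# as SQLite/PostgreSQL.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Minimal bind substitution: the n-th ? is replaced by the quoted n-th bind.
# Splitting first (rather than repeated sub) keeps a ? inside a bound value
# from being treated as another placeholder.
def bind_sql(sql, *binds)
  parts = sql.split("?", -1)
  unless parts.size - 1 == binds.size
    raise ArgumentError, "#{parts.size - 1} placeholders for #{binds.size} binds"
  end
  quoted = binds.map { |b| quote_literal(b) } + [""]
  parts.zip(quoted).flatten.join
end

# The fixed shape from the issue: wildcards live in the bound value, not in SQL.
def safe_conditions(term)
  bind_sql("text LIKE ?", "%#{term}%")
end

# Return the characters of +sql+ that sit outside single-quoted literals,
# honouring the '' escape. Anything an attacker lands here is live SQL.
def sql_outside_literals(sql)
  out = String.new
  in_str = false
  i = 0
  while i < sql.length
    c = sql[i]
    if in_str
      if c == "'"
        if sql[i + 1] == "'"
          i += 1            # doubled quote: still inside the literal
        else
          in_str = false    # closing quote
        end
      end
    elsif c == "'"
      in_str = true
    else
      out << c
    end
    i += 1
  end
  out
end

# True when an OR keyword from the term ended up as SQL syntax.
def payload_escaped?(conditions_sql)
  !!(sql_outside_literals(conditions_sql) =~ /\bOR\b/i)
end

# Constructed attacker input: closes the literal, adds a tautology, comments out the rest.
ATTACK_TERM = "%' OR 1=1 --"

if __FILE__ == $PROGRAM_NAME
  [vulnerable_conditions(ATTACK_TERM), safe_conditions(ATTACK_TERM)].each do |sql|
    puts "#{sql.ljust(34)} escaped literal? #{payload_escaped?(sql)}"
  end
end
```

Binding stops the term from becoming SQL syntax, but `%` and `_` inside the term are still `LIKE` wildcards, so a user can still widen the match; later Rails versions ship a `sanitize_sql_like` helper for that case. Also note that the `||` concatenation in the issue's second suggestion is SQLite/PostgreSQL syntax; MySQL needs `CONCAT`, which is one more reason to prefer the third form with the wildcards in the bound value.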

apotonick commented 13 years ago

Hi Bernát,

ouch! I'll fix that in the next screencast. Thanks man!

cie commented 13 years ago

You're very welcome :) I'm glad to have helped a bit

cie commented 13 years ago

Oops, clicked the wrong button :)