aquariumbio / aquarium

The Aquarium Lab Operating System
http://klavinslab.org/aquaverse/
MIT License

remove inline references to strings in 'update' sql queries in operation.rb #585

Open gnomicosuw opened 3 years ago

gnomicosuw commented 3 years ago

This is to protect against SQL injection. It is not a problem for now (we don't have apostrophes or other special characters in any of the strings), but it is not a good idea.

There are 2 instances I want to fix.

```ruby
# Both methods build the UPDATE statement by interpolating the status string and
# the id values straight into the SQL text.
def self.set_status_for_ids(status, ids)
  sql = "update operations set status = '#{status}' where id in ( #{ids.join(',')} )"
  Operation.connection.execute sql
end

def self.set_status_for_job(status, job_id)
  sql = "update operations set status = '#{status}' where id in ( select operation_id from job_associations where job_id = #{job_id} )"
  Operation.connection.execute sql
end
```
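The following is an added example, not Aquarium's own code, that shows what goes wrong with the interpolated form and what the two methods should do instead. It builds the same statement text the issue quotes, once as written and once with the status quoted (apostrophes doubled, as `connection.quote` does for single-quoted literals) and the ids coerced to integers before they reach the query. It is plain Ruby with no ActiveRecord dependency so it runs stand-alone; the `OperationStatusSql` module and its method names are assumptions for this example. Inside the Rails app itself the idiomatic fix is to let ActiveRecord build and quote the statement, e.g. `Operation.where(id: ids).update_all(status: status)` and, for the job case, `Operation.where(id: JobAssociation.where(job_id: job_id).select(:operation_id)).update_all(status: status)` (the model name `JobAssociation` is assumed from the table name in the snippet).

```ruby
# Added example (not Aquarium code): contrast the interpolated UPDATE from the
# issue with a form that quotes the status and coerces ids to integers.
module OperationStatusSql
  # Builds the statement exactly the way the issue's set_status_for_ids does.
  # Any apostrophe in status lands unescaped inside the SQL string literal.
  def self.vulnerable_sql(status, ids)
    "update operations set status = '#{status}' where id in ( #{ids.join(',')} )"
  end

  # Quote a string literal for single-quoted SQL: double every apostrophe.
  # Assumption: standard SQL string rules (MySQL/SQLite/PostgreSQL); the
  # driver's own quote method should be preferred in a real Rails app.
  def self.quote(value)
    "'" + value.to_s.gsub("'", "''") + "'"
  end

  # Accept only values that parse as whole integers; anything else is rejected
  # before it can become part of the query text. An empty list would produce
  # "id in ( )", which is invalid SQL, so that is rejected too.
  def self.int_list(ids)
    raise ArgumentError, "ids must not be empty" if ids.empty?
    ids.map { |id| Integer(id) }
  end

  # Hardened equivalent of set_status_for_ids: status is quoted, ids are
  # validated integers.
  def self.safe_sql(status, ids)
    "update operations set status = #{quote(status)} where id in ( #{int_list(ids).join(',')} )"
  end

  # Hardened equivalent of set_status_for_job: job_id must be an integer.
  def self.safe_sql_for_job(status, job_id)
    "update operations set status = #{quote(status)} where id in ( select operation_id from job_associations where job_id = #{Integer(job_id)} )"
  end

  # Cheap sanity check: an odd number of single quotes means a literal in the
  # statement is unterminated, which is what an unescaped apostrophe causes.
  def self.balanced_quotes?(sql)
    sql.count("'").even?
  end
end

if __FILE__ == $0
  # Constructed sample input: a status value that happens to contain an apostrophe.
  status = "won't run"
  puts OperationStatusSql.vulnerable_sql(status, [1, 2])
  puts "balanced: #{OperationStatusSql.balanced_quotes?(OperationStatusSql.vulnerable_sql(status, [1, 2]))}"
  puts OperationStatusSql.safe_sql(status, [1, "2"])
  puts "balanced: #{OperationStatusSql.balanced_quotes?(OperationStatusSql.safe_sql(status, [1, "2"]))}"
end
```

Running the script shows the interpolated statement with three single quotes (one literal left open) while the hardened one has the apostrophe doubled and every id validated; a non-numeric id such as `"2 or 3"` raises `ArgumentError` instead of being spliced into the `in (...)` list.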