Replace example with SQL placeholder syntax.

This works just fine, is less code, and reduces the risk of someone implementing a SQL injection vulnerability.
Joost Baaij 2011-11-08 16:27:15 +01:00
parent 979f3f894b
commit 1ffd5ec910
1 changed files with 1 additions and 1 deletions

@ -1234,7 +1234,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
<ruby>
class Customer < ActiveRecord::Base
has_many :latest_orders, :class_name => "Order",
:conditions => proc { "orders.created_at > #{10.hours.ago.to_s(:db).inspect}" }
:conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
end
</ruby>
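Review bot: The replacement `:conditions` line has an unterminated string literal: the closing double quote after `?` is missing, so the array reads `["orders.created_at > ?, 10.hours.ago]` and the guide example will not parse as Ruby. It should read `:conditions => proc { ["orders.created_at > ?", 10.hours.ago] }`, with the SQL fragment as the first array element and the timestamp as a separate bind value, which is what gives the placeholder form its protection against SQL injection.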