Replace example with SQL placeholder syntax.
This works just fine, is less code, and reduces the risk of someone implementing a SQL injection vulnerability.
parent
979f3f894b
commit
1ffd5ec910
|
@ -1234,7 +1234,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
|
||||||
<ruby>
|
<ruby>
|
||||||
class Customer < ActiveRecord::Base
|
class Customer < ActiveRecord::Base
|
||||||
has_many :latest_orders, :class_name => "Order",
|
has_many :latest_orders, :class_name => "Order",
|
||||||
:conditions => proc { "orders.created_at > #{10.hours.ago.to_s(:db).inspect}" }
|
:conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
|
||||||
end
|
end
|
||||||
</ruby>
|
</ruby>
|
||||||
|
|
||||||
|
|
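Review bot: The added `:conditions` line has an unterminated string literal: in `proc { ["orders.created_at > ?, 10.hours.ago] }` the closing double quote after the `?` placeholder is missing, so the example will not parse as Ruby and readers copying it from the guide will hit a syntax error. The array should be `["orders.created_at > ?", 10.hours.ago]`, with the SQL fragment as the first element and the bound value as the second. Because the point of the change is to steer readers toward placeholder binding instead of string interpolation, the sample should be checked by actually loading it before merging.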