
SQL-injection safe parser that generates an ORDER BY statement

Parses a string such as '+lastname-gender' and generates the column list for an SQL ORDER BY clause. Only names that appear in the model's column_names are accepted; every other token is dropped, so the output never contains anything that did not come from the model's own schema.

Because it is SQL-injection safe you can pass the string through a link_to URL parameter (for example :order => '+name') and then call parse_order( params[:order] ) on the model.

Examples:
'+name' => 'name'
'+lastname+firstname' => 'lastname, firstname'
'+lastname-gender' => 'lastname, gender DESC'

module ActiveRecord
  class Base
    class << self

      # Builds a whitelisted ORDER BY fragment from a string such as
      # '+lastname-gender'. Each token is a direction character followed by a
      # column name; a leading space is accepted as well, because a '+' in a
      # query string decodes to a space. Only tokens that name a real column of
      # this model are kept and everything else is discarded, so unmatched text
      # can never be passed through into the SQL.
      def parse_order( order )
        order.to_s.scan( /([ \+\-])([a-z_]+)/ ).map do |direction, column|
          next unless column_names.include?( column )
          direction == '-' ? "#{ column } DESC" : column
        end.compact.join( ', ' )
      end

    end
  end
end
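The following is an added example, not code from the original snippet or its author. It places the snippet's original gsub-based version next to a scan-based whitelist and runs both against a constructed FakeModel (a stand-in for an ActiveRecord model whose column_names are fixed inline, so no database is needed). The point it shows is that a substitution-based parser leaves any character the token pattern never matched in the output, whereas the whitelist only ever emits names taken from the schema.

```ruby
# Added example: compare a substitution-based order parser with a whitelist.
# FakeModel and its column list are constructed for this example; they stand
# in for an ActiveRecord model and its column_names.
class FakeModel
  def self.column_names
    %w[id name firstname lastname gender]
  end

  # Substitution approach (the shape of the original snippet): every token
  # that matches the pattern is rewritten in place, but text that never
  # matches the pattern is left untouched and ends up in the result.
  def self.parse_order_gsub( order )
    order = order.to_s.gsub( /([ \+\-][a-z_]+)/ ) do |match|
      next unless column_names.include?( match[1..-1] )
      case match[0, 1]
      when '-' then "#{ match[1..-1] } DESC, "
      else "#{ match[1..-1] }, "
      end
    end and order[0..-3]
  end

  # Whitelist approach: collect only tokens that name a real column and build
  # the fragment from those alone, so nothing else can reach the SQL.
  def self.parse_order_scan( order )
    order.to_s.scan( /([ \+\-])([a-z_]+)/ ).map do |direction, column|
      next unless column_names.include?( column )
      direction == '-' ? "#{ column } DESC" : column
    end.compact.join( ', ' )
  end
end

# Constructed inputs: the three documented cases, the form a '+' takes after
# URL decoding (a space), and a string containing characters the token
# pattern never matches.
SAMPLES = [
  '+name',
  '+lastname+firstname',
  '+lastname-gender',
  ' lastname',
  '+lastname) ; bogus',
]

# Returns [input, substitution result, whitelist result] for each sample.
def compare( inputs = SAMPLES )
  inputs.map do |s|
    [ s, FakeModel.parse_order_gsub( s ), FakeModel.parse_order_scan( s ) ]
  end
end

if __FILE__ == $0
  compare.each do |input, substituted, whitelisted|
    puts "#{ input.inspect }: gsub => #{ substituted.inspect } | whitelist => #{ whitelisted.inspect }"
  end
end
```

For the three documented inputs both versions agree. For the last sample the substitution version returns "lastname, )" because the ")" and ";" never matched the pattern and were copied through, while the whitelist version returns plain "lastname". The fix is not a tighter regular expression but a different construction: build the output only from values you have checked, never from what is left of the input.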
