Topic: Remove quotes from SQL statement

Hi,

I am trying to populate an SQL statement using values from a web form that contains a drop down list and a text box.  The drop down list populates :this_col_name and the text box populates :query.  Those 2 values are to be used in a SQL statement like this:

conditions = ['? LIKE ?', "#{@params[:this_col_name]}","%#{@params[:query]}%"] unless @params[:query].nil?

However, this does not work because the resulting SQL statement is this:
SELECT * FROM shops WHERE ('name' LIKE '%MyShop%')

Notice how there are quotes around 'name'.  The SQL doesn't return anything unless 'name' has no quotes, so if I use this statement instead, it works:

conditions = ["'name' LIKE ?", "%#{@params[:query]}%"] unless @params[:query].nil?

The result is a SQL statement like this:
SELECT * FROM shops WHERE (name LIKE '%MyShop%')

I don't want to have to put the 'this_col_name' value in the code directly, any idea how to get around this?

Thanks.