Topic: Rails LIKE condition

Hi there, I'm having a problem trying to create a query with multiple "like" conditions; the code looks like this...

@search = []
@like = []
@words = params[:qsearch].split(" ")
@words.each do |p|
  @like << "tags LIKE ?"   # one placeholder fragment per word
  @search << "%"+p+"%"     # the matching bind value
end
@search = Pagina.where("#{@like.join}", @search).page(params[:page]).per(20)

It's supposed to be sanitized using "tags LIKE ?", @var, but when the param is ' OR "1"="1" -- # the query fails because it closes the query with the single quote or double quote. How am I supposed to use the LIKE condition?

Last edited by robzdc (2012-10-08 12:31:05)

Re: Rails LIKE condition

The problem was that there was no 'OR' for each parameter
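As an added example (not code from the thread), here is the construction with the OR join applied, written as a plain Ruby helper that returns the argument list for `where`; `Pagina` and the `tags` column are taken from the question, and nothing below needs Rails loaded to run.

```ruby
# Builds the arguments for ActiveRecord's `where` from a free-text search
# string: one "tags LIKE ?" fragment per word, joined with OR, plus one
# bind value per fragment. The words only ever land in the bind array,
# never in the SQL string, so a quote in the input is escaped by the
# adapter instead of terminating the statement.
def like_conditions(qsearch, column: "tags")
  words = qsearch.to_s.split(" ")   # split on whitespace runs
  return nil if words.empty?        # caller decides what an empty search means

  fragments = Array.new(words.size, "#{column} LIKE ?")
  binds = words.map { |w| "%#{w}%" }

  # Same shape as `Pagina.where("tags LIKE ? OR tags LIKE ?", "%a%", "%b%")`
  [fragments.join(" OR "), *binds]
end

# Assumed controller usage (constructed, mirrors the question's pagination):
#   args = like_conditions(params[:qsearch])
#   @search = Pagina.where(*args).page(params[:page]).per(20) if args
#
# Caveat: `%` and `_` inside the input remain LIKE wildcards; Rails 4.2+
# offers ActiveRecord::Base.sanitize_sql_like to escape them if that matters.

if __FILE__ == $PROGRAM_NAME
  p like_conditions("rails ruby")
  # => ["tags LIKE ? OR tags LIKE ?", "%rails%", "%ruby%"]
  p like_conditions(%q{' OR "1"="1" --})
end
```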