Topic: translate "SELECT * WHERE xyz LIKE '%abc%'" into Rails

newest newbie here...
I cannot find how to do it right with ActiveRecord...

the following works, but it is ugly and should not be done like this AFAIK:

my_param = "'%" + params[:tag] + "%'"
find(
  :all,
  :conditions  => "tags LIKE #{my_param}")

thx in advance

Re: translate "SELECT * WHERE xyz LIKE '%abc%'" into Rails

This is subject to SQL injection as it inserts the params value directly into the query. Instead it is better to do this:

find(:all, :conditions => ["tags LIKE ?", "%#{params[:tag]}%"])

Here Rails automatically replaces the question mark with the escaped version of params[:tag].

Railscasts - Free Ruby on Rails Screencasts
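As an added example (not code from this thread or from ActiveRecord itself): a small stand-in for how the "?" placeholders in the second form get expanded, so the two forms above can be compared without a database. It assumes ANSI-style quoting (embedded single quotes are doubled); real adapters quote per database, and the helper names are made up for this illustration.

```ruby
# Quote a value as a SQL string literal: wrap in single quotes and
# double any embedded single quote (ANSI style, assumed here).
def quote_sql_string(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expand each "?" in the template with the next quoted value, mirroring
# the ["... ?", value] form of :conditions. Values never touch the SQL
# text unquoted, which is the property the answer relies on.
def bind_conditions(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  template.gsub("?") { quote_sql_string(values.shift) }
end

# The form from the question: the user-supplied tag is spliced straight
# into the SQL text, so any quote character in it changes the query.
def unsafe_like_conditions(tag)
  my_param = "'%" + tag + "%'"
  "tags LIKE #{my_param}"
end

# The form from the answer: the tag travels as a bound value and is
# quoted for the database before it enters the query text.
def safe_like_conditions(tag)
  bind_conditions("tags LIKE ?", "%#{tag}%")
end

# Caveat binding does not cover: "%" and "_" inside the tag are LIKE
# wildcards, so a tag of "%" would match everything. Escape them (and the
# escape character) and declare the ESCAPE clause when a literal match
# of those characters is wanted.
def safe_like_conditions_literal(tag)
  escaped = tag.gsub(/[\\%_]/) { |c| "\\#{c}" }
  bind_conditions("tags LIKE ? ESCAPE '\\'", "%#{escaped}%")
end

if __FILE__ == $0
  # Constructed sample tag containing a quote character.
  tag = "rock'n'roll"
  puts unsafe_like_conditions(tag)        # broken query text
  puts safe_like_conditions(tag)          # quote doubled, query intact
  puts safe_like_conditions_literal("50%_off")
end
```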