Is it possible to put variables in my query that do not use string interpolation?

Ok so I have an SQL request using string interpolation and running perfectly :

  ActiveRecord::Base.connection.execute("UPDATE my_table SET location = ST_SetSRID(ST_MakePoint('#{my_table.longitude}'::numeric, '#{my_table.latitude}'::numeric), 4326)::geography WHERE id=#{id}")

What I want to do is using SQL variables instead of string interpolation (for security reasons (SQL injections)) but I have been into some troubles with my query :

ActiveRecord::Base.connection.execute("UPDATE my_table SET location = ST_SetSRID(ST_MakePoint(':longitude'::numeric, ':latitude'::numeric), 4326)::geography WHERE id=#{id}", longitude: my_table.longitude, latitude: my_table.latitude)

The error I get is :

PG::InvalidTextRepresentation: ERROR: invalid input syntax for type numeric: ":longitude" (ActiveRecord::StatementInvalid)

Is there a way to use SQL variables properly in the last query ?

Try '?' instead of interpolation

ActiveRecord::Base.connection.execute("UPDATE my_table SET location = ST_SetSRID(ST_MakePoint( ? , ? , 4326)::geography WHERE id= ? ", "#{my_table.longitude}::numeric", "#{my_table.latitude}::numeric)", id  )

Can I create an HTML window that does not use Javascript? or do I put the Javascript in the & lt; body & gt; section?

I have to create a pop up that will be show when the user click on a link. I think that I can not use Javascript because I have no access to the full template so I can't put the javascript into the <head></head> section of the page (I can't mo

Problem with Oracle link variables that do not use the index correctly

In my scenario, the following query runs fast (0.5 seconds on a table with 70 million rows): select * from Purchases where (purchase_id = 1700656396) and, it even runs fast using bind variables: var purchase_id number := 1700656396 select * from Purc

Voting variable passing to js - I do not use form, POST or django-vote

I have a simple entry and display system for short texts on a single web page. The text input is just an input field with a GET in views. I'd like a very basic up or down voting system on the page for the latest entries. I can get the latest entries

The variable $ _GET is a query that does not work when it is passed

Im using the following to assign a value to a variable if the variable is passed via the URL: if (!empty($_POST)) { $sortBy = isset($_GET['sort']) ? $_GET['sort'] : 'mgap_ska_id'; } here is where the variable is being passed: $result = "SELECT mgap_s

Is it possible to add sections to .config files that will not be scanned by ConfigurationManager

I don't want to create separate configuration file for my app but store the data in the web.config. I just want to put some XML there and manually parse it because current implementation of ConfigurationManager isn't appropriate for my case. However,

It is possible to create a program in Visual Studio C ++ 2008 that does not use the .NET framework?

Possible Duplicate: How do I create a native application using Visual C++ 2008? Can I develop a program that not use the .NET Framework (Win32) in Visual Studio C++? For example like the ones in Visual Studio C++ 6?Yes. File, New Project, go to Visua

Typewriting: How to call a variable that does not use & ldquo; this & rdquo; all over

As the example below, how to avoid write "this" everywhere, is there a way to write heroes, myHero,lastone without "this" ? Just like common javascript When you use a class you are dealing with properties and methods, not variables and

Is it possible to include classes that are not used by service operations in the WCF service metadata?

Per default, all data contract entities, involved in realization of service operation (and their known types, are include in service metadata. I am trying to find out, if it is possible in include other classes or data contracts in the metadata. The

Is there a way to use a variable in a lambda that is not in the current scope?

Basically, I want to know if something like the below is possible? If this isn't possible is there any way to fake it? #include <iostream> using namespace std; template<typename Functor> void foo(Functor func) { auto test = [](Functor f){ int

Put constant text in EditText that should not be editable - Android

I want to have constant text inside editText like: http://<here_user_can_write> User should not be able to delete any chars from "http://", I searched about this and found this: editText.setFilters(new InputFilter[] { new InputFilter() { p

Is it possible to have an opacified base layer that does not overshoot its children?

Let say I've this code : <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr"> <head&g

jQuery Defines a global variable for an element that does not yet exist in DOM

I'm working on a page where user can create a form by clicking to insert fields. Initially no input elements exist on the page. User clicks to created them. I'm trying to create Global variables to reference those input fields so i can later make use

Jinja2 - string variable with a space that does not read correctly in classname

I'm having an issue with Jinja2 not rendering the string 'fa fa-tachometer' correctly into the class name. Jinja2 renders that string like this: <i class={{ icon }}></i> into <i class="fa" fa-tachometer></i>, as shown in

Is it possible to open a Sqlite database with Javascript and not use anything but HTML5?

I'm trying to create an application that works on any mobile device, but doesn't require internet. I want to have an Sqlite database that I can query. I found a script, but it creates a WebSQL database in the browser. I want to query the flatfile. Is

Related Articles