I don’t know how to do the same thing in Ruby.
In PHP I can use the following structure:
    while ((list($r_key, $r_value) = each($rule_arr))
        && (list($v_key, $v_value) = each($value_arr))
        && (list($s_key, $s_value) = each($stack_arr)))
    {
        $insert_rules_for_types = sprintf("INSERT INTO
            `rules_for_types`(`types_id`, `rules_id`, `value`, `stackcount`)
            value('%d','%d','%d','%d')", intval($type_id), intval($r_value),
            intval($v_value), intval($s_value));
        commit_changes($insert_rules_for_types);
    }
How can I do the same in Ruby?
A fairly literal rewriting of it would be something like this:
Whatever you’re doing here in PHP, you can probably side-step a lot of the mess of constructing SQL by using an ORM like ActiveRecord which is very broad in scope, or Sequel which is much lighter and more plug-in oriented.
Both of these, when used correctly, will ensure you’ve escaped your SQL properly. Casting to integer is a sign of weak escaping as it’s not a general purpose solution.
Sequel has a Ruby interface to many SQL calls, so an INSERT maps out as some straightforward code:
Doing it this way makes it very hard to inject unescaped values into your queries.
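As an added example (not part of the original answer), this is one way to walk the three arrays in parallel in plain Ruby and produce a parameterized INSERT per row instead of interpolating values into the SQL string. The table and column names come from the question; `build_rule_inserts` and `strict_int` are hypothetical helper names, and a driver that accepts `?` placeholders is assumed.

```ruby
# Added example, standard library only. Each result is [sql, binds], meant to be
# handed to a driver's prepared-statement call (assumed to use `?` placeholders).

INSERT_SQL = "INSERT INTO `rules_for_types` " \
             "(`types_id`, `rules_id`, `value`, `stackcount`) " \
             "VALUES (?, ?, ?, ?)"

# Strict integer parsing: "12abc" or nil raises here, whereas String#to_i
# (like PHP's intval) would silently return 12 or 0.
def strict_int(value, name)
  text = value.to_s
  unless text.match?(/\A-?\d+\z/)
    raise ArgumentError, "#{name} is not an integer: #{value.inspect}"
  end
  text.to_i
end

def build_rule_inserts(type_id, rules, values, stacks)
  # The PHP while/each loop stops at the shortest array; Array#zip instead
  # pads the shorter arrays with nil. Reject mismatched input outright.
  unless rules.length == values.length && values.length == stacks.length
    raise ArgumentError, "rule, value and stack arrays differ in length"
  end

  tid = strict_int(type_id, "type_id")
  rules.zip(values, stacks).map do |rule, value, stack|
    binds = [tid,
             strict_int(rule, "rule"),
             strict_int(value, "value"),
             strict_int(stack, "stack")]
    [INSERT_SQL, binds] # the SQL text never contains user-supplied data
  end
end

# Constructed sample input, shaped like string parameters from a form.
if __FILE__ == $PROGRAM_NAME
  build_rule_inserts("7", %w[1 2], %w[10 20], %w[3 4]).each do |sql, binds|
    puts "#{sql}  <= #{binds.inspect}"
  end
end
```
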