Ruby UTF8 encoding problem
I have a Ruby/Rails app.
I have an artists table in a PostgreSQL database that I want to query by name. I have artists with Portuguese characters etc., and I am having issues querying them.
For example, one band is called Legião Urbana. If I query with the string "legiã", my app gets the following params:
{"action"=>"search_artist", "q"=>"legi\343", "controller"=>"home"}
However, I get an error on the query:
Artist.all(:conditions => "name LIKE '%#{params[:q]}%'")
PGError: ERROR: invalid byte sequence for encoding "UTF8": 0xe32527
What should I be doing to convert this to UTF8 or fix what is happening somehow?
You need to know the encoding of the parameter in the query string.
Ruby 1.9 includes support for strings tagged with encodings. In Ruby 1.9, you could:
params[:q].encoding          # Rails 3 on 1.9 presents strings in UTF-8
params[:q].encode('utf-8')   # ask Ruby to re-encode as UTF-8
Then you need to convert the parameter's encoding to UTF-8 before doing the string interpolation (the #{...} syntax).
Or you need to pass the parameter as an SQL parameter, not using string interpolation.
Of course, this brings up the security consideration that, unless you know how to encode text for usage in SQL, you should never use string interpolation to build SQL string fragments. Because SQL fragments with parameters are quick and easy in Rails, you should use them.
# Rails 2
Artist.all(:conditions => ['name LIKE ?', "%#{params[:q]}%"])
Artist.all(:conditions => ['name LIKE :q', { :q => "%#{params[:q]}%" }])
# Rails 3
Artist.where('name LIKE ?', "%#{params[:q]}%")
Artist.where('name LIKE :q', :q => "%#{params[:q]}%")
The SQL injection security problem occurs when you use string interpolation and encode strings in a way that builds correct SQL fragments for some input strings, but not others. In languages/frameworks where parameters are more difficult to work with, it is acceptable to use string interpolation or string building (if it remains easy to use string interpolation or string building), as long as you research exhaustively how you are required to encode the interpolated strings to build correct SQL fragments, regardless of the input string. Because SQL injection is easy to avoid in Rails via ordered or named parameters (see the 4 samples above), you should not have problems ensuring your SQL fragments are safe.
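Why the error names the bytes 0xe32527, and one way to normalise the parameter before binding it, shown as an added Ruby example that is not part of the original question or answer. It assumes non-UTF-8 input is ISO-8859-1 (consistent with the "\343" byte in the question); to_utf8, like_pattern and broken_tail are hypothetical helper names.

```ruby
# Added example (not from the original post). Assumes non-UTF-8 input is
# ISO-8859-1, which matches the "\343" (0xE3) byte shown in the question.

# Return a valid UTF-8 copy of a raw query-string value.
def to_utf8(raw, fallback = Encoding::ISO_8859_1)
  s = raw.dup.force_encoding(Encoding::UTF_8)
  return s if s.valid_encoding?               # already UTF-8, keep as is
  raw.dup.force_encoding(fallback).encode(Encoding::UTF_8)
end

# Escape LIKE metacharacters so user input matches literally, then wrap it
# in wildcards. The result is meant to be bound as a parameter, e.g.
#   Artist.where('name LIKE ?', like_pattern(params[:q]))
# Backslash is PostgreSQL's default LIKE escape character.
def like_pattern(raw)
  "%" + to_utf8(raw).gsub(/[\\%_]/) { |m| "\\#{m}" } + "%"
end

# Constructed sample: the bytes the browser sent in the question.
RAW_Q = "legi\xE3".b

# Tail of the interpolated SQL literal '%legi<E3>%'. 0xE3 is a UTF-8
# three-byte lead byte, so the server read E3 25 27 (the raw byte, "%" and
# the closing quote) as one sequence and rejected it.
def broken_tail(raw)
  ("%" + raw.b + "%'").bytes.last(3).map { |b| format("%02x", b) }.join
end

if __FILE__ == $PROGRAM_NAME
  puts broken_tail(RAW_Q)        # the bytes named in the PGError
  puts like_pattern(RAW_Q)       # valid UTF-8 pattern for the bound parameter
  puts like_pattern("50%_off")   # wildcards in user input are escaped
end
```

Binding the value as a parameter removes the quoting problem, but the bytes still have to be valid in the connection's encoding, which is why both steps are shown.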