Ruby UTF8 encoding problem -
i have ruby/rails app.
i have artists table in postgresql database want query name. have artists portuguese characters etc. , having issues querying them.
for example 1 band called legião urbana. if query string "legiã" app following params:
{"action"=>"search_artist", "q"=>"legi\343", "controller"=>"home"} however error query
artist.all(:conditions => "name '%#{params[:q]}%'") pgerror: error: invalid byte sequence encoding "utf8": 0xe32527 what should doing convert utf8 or fix happening somehow?
you need know encoding of parameter in query-string.
ruby 1.9 includes support strings tagged encodings. in ruby 1.9, could:
params[:q].encoding # rails 3 on 1.9 presents strings in utf-8 params[:q].encode('utf-8') # ask ruby re-encode utf-8 then need convert parameter encoding utf-8 before doing string-interpolation (#{...} syntax).
or need pass parameter sql parameter, not using string-interpolation.
of course, brings security consideration that, unless know how encode text usage in sql, should never string-interpolation build sql string fragments. because sql-fragments parameters quick , easy in rails, should use them.
# rails 2 artist.all(:conditions => ['name ?', "%#{params[:q]}%"]) artist.all(:conditions => ['name :q', { :q=> "%#{params[:q]}%" }]) # rails 3 artist.where('name ?', "%#{params[:q]}") artist.where('name :q', :q => "%#{params[:q]}") sql injection security problem occurs when string-interpolation , encode strings in way builds correct sql fragments input strings, not others. in languages/frameworks parameters more difficult work with, acceptable string-interpolation or string-building (if remains easy string-interpolation or string-building), long research exhaustively how required encode interpolated strings build correct sql fragments, regardless of input string. because sql injection easy avoid rails via ordered or named parameters (see 4 samples above), should not have problems ensuring sql fragments safe.
Comments
Post a Comment