1

I ran an insert statement in Ruby on Rails, but it failed. This is the code:

class BookmarkController < ApplicationController
  def index

    if request.post?
      @user_new = Bookmark.new(params[:user_new])
      tags = @user_new.tags.split(",")
      @user_new = Bookmark.new(params[:user_new])
      query = "INSERT INTO bookmark (title , url, tags) VALUES (#{@user_new.title}, #{@user_new.url}, #{tags[0]})  "

      Bookmark.connection.execute(query);

    end

  end
end

But the output is:

ActiveRecord::StatementInvalid in BookmarkController#index

SQLite3::SQLException: near ".": syntax error: INSERT INTO bookmark (title , url, tags) VALUES (abhir, www.mrabhiram.tumblr.com, tumblr)  

Can anyone suggest the proper way to insert records using an SQL insert statement?

1
  • Raw SQL should never be in the controller. Also, you're duplicating functionality that comes with ActiveRecord. I recommend reading the ActiveRecord guide. Commented Dec 13, 2012 at 10:26

3 Answers

2

Assuming Bookmark is subclassed from ActiveRecord, AR will save this for you - no need to write custom SQL - the save method will take care of this. You can read more about relevant ActiveRecord functionality here

class BookmarkController < ApplicationController
  def index

    if request.post?
      @user_new = Bookmark.new(params[:user_new])
      tags = @user_new.tags.split(",")
      @user_new = Bookmark.new(params[:user_new])
      #query = "INSERT INTO bookmark (title , url, tags) VALUES (#{@user_new.title}, #{@user_new.url}, #{tags[0]})  "

      #Bookmark.connection.execute(query);
      # The save method will insert the record into the database.
      @user_new.save

    end

  end
end

2

You can write

    Model.connection.insert("INSERT INTO table_name(fields) VALUES('value')")

it's working...

1 Comment

@Mandeep_Singh how do we commit/save this insertion?

0

You need quotes on your 'values' data. Something like:

query = "INSERT INTO bookmark (title , url, tags) VALUES ('#{@user_new.title}', '#{@user_new.url}', '#{tags[0]}')  "

2 Comments

Don’t use this code! It is a classic example of SQL injection. Your users will be able to execute arbitrary SQL commands on your database.
This answer will work here and is correct syntax, but as mentioned, you wouldn't want to do it here because it is unsafe and there are much better Rails ways to accomplish the same thing.
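
The point made in the two comments above, as an added example that is not part of the original thread: the quoted-interpolation query from this answer is compared with one whose values are escaped before they reach the SQL text. It is plain Ruby with no database; `quote_literal` is a hypothetical stand-in for the adapter's own quoting (in Rails, `Bookmark.connection.quote`), `string_literals` is a toy scanner, and the sample values are constructed.

```ruby
# Added example, not code from the thread. Plain Ruby, no gems or database.
# quote_literal is a hypothetical stand-in for the adapter's own quoting
# (in Rails: Bookmark.connection.quote); string_literals is a toy scanner.

# The approach from the answer above: add quotes, no escaping.
def naive_insert(title, url, tag)
  "INSERT INTO bookmark (title, url, tags) VALUES ('#{title}', '#{url}', '#{tag}')"
end

# SQL string-literal quoting: double each embedded single quote.
def quote_literal(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

def quoted_insert(title, url, tag)
  values = [title, url, tag].map { |v| quote_literal(v) }.join(", ")
  "INSERT INTO bookmark (title, url, tags) VALUES (#{values})"
end

# Returns the string literals the database would see in +sql+,
# or nil when a literal is never closed (a syntax error).
def string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] != "'"
      i += 1
      next
    end
    buf = +""
    i += 1
    loop do
      return nil if i >= sql.length         # unterminated literal
      if sql[i] == "'" && sql[i + 1] == "'" # '' is an escaped quote
        buf << "'"
        i += 2
      elsif sql[i] == "'"                   # closing quote
        i += 1
        break
      else
        buf << sql[i]
        i += 1
      end
    end
    literals << buf
  end
  literals
end

# Constructed inputs: an ordinary apostrophe, and a value shaped like SQL.
APOSTROPHE = ["Rails' guide", "http://example.com", "ruby"].freeze
SHAPED     = ["a', 'b', 'c'), ('x", "http://example.com", "ruby"].freeze
```

With `naive_insert`, the apostrophe input yields an unterminated statement and the SQL-shaped input yields six literals (a second row) instead of three; with `quoted_insert`, both come back as exactly the three submitted values. In the Rails app itself, `@user_new.save` from the first answer handles this quoting for you.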
