Hello,
I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line.
I have am completely lost and would appreciate the help. Thanks
File.open("directory") do |file|
while somedigit = file.gets
puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
end
end
OUTPUT:
···
-----------------------------------------------------------------
SQL STATEMENT I MADE UP ='000017383712
'
SQL STATEMENT I MADE UP ='000017383738
'
SQL STATEMENT I MADE UP ='000017384033
'
SQL STATEMENT I MADE UP ='000053598777
'
OUTPUT should look
like:-------------------------------------------------
SQL STATEMENT I MADE UP ='000017383712'
SQL STATEMENT I MADE UP ='000017383738'
SQL STATEMENT I MADE UP ='000017384033'
SQL STATEMENT I MADE UP ='000053598777'
--
Posted via http://www.ruby-forum.com/.
Hello,
I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line.
I have am completely lost and would appreciate the help. Thanks
File.open("directory") do |file|
while somedigit = file.gets
p somedigit
puts "SQL STATEMENT I MADE UP ='"\+somedigit\+"'"
end
end
I think this will give you a clue on what's going on, and how to move on:
File.open("directory") do |file|
while somedigit = file.gets
somedigit.chomp!
puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
end
end
In summary, gets returns the \n at the end of the line, so you should remove it.
Hope this helps,
Jesus.
···
On Thu, Sep 17, 2009 at 8:51 PM, Mrmaster Mrmaster <mrsolarlife@gmail.com> wrote:
Jesus you are awesome, your solution worked great. Thank you for the
help.
···
--
Posted via http://www.ruby-forum.com/.
A more idiomatic version of that would be:
puts "SQL STATEMENT I MADE UP '#{somedigit}'"
Gary Wright
···
On Sep 17, 2009, at 3:01 PM, Jesús Gabriel y Galán wrote:
puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
This form of file reading is somewhat more succinct:
File.foreach('filename') do |line|
line.chomp
line.do_something_with_me
end
···
At 2009-09-17 03:01PM, "Jesús Gabriel y Galán" wrote:
File.open("directory") do |file|
while somedigit =3D file.gets
somedigit.chomp!
puts "SQL STATEMENT I MADE UP =3D'"+somedigit+"'"
end
end
In summary, gets returns the \n at the end of the line, so you should remov=
e it.
--
Glenn Jackman
Write a wise saying and your name will live forever. -- Anonymous
Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.
Jesus.
···
On Thu, Sep 17, 2009 at 10:16 PM, Mrmaster Mrmaster <mrsolarlife@gmail.com> wrote:
Gary Wright wrote:
On Sep 17, 2009, at 3:01 PM, Jes�s Gabriel y Gal�n wrote:
puts "SQL STATEMENT I MADE UP ='"\+somedigit\+"'"
A more idiomatic version of that would be:
puts "SQL STATEMENT I MADE UP '\#\{somedigit\}'"
Gary Wright
Hi Gary,
I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n
Jesús Gabriel y Galán wrote:
···
On Thu, Sep 17, 2009 at 10:16 PM, Mrmaster Mrmaster > <mrsolarlife@gmail.com> wrote:
Hi Gary,
I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n
Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.
Jesus.
Your right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.
--
Posted via http://www.ruby-forum.com/\.
My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be *very* careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren't
careful (e.g. http://xkcd.com/327/\).
Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.
For example in Rails:
:conditions => ['name = ?', name]
vs.
:conditions => "name = '#{name}'"
Gary Wright
···
On Sep 17, 2009, at 4:36 PM, Mrmaster Mrmaster wrote:
Your right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.
Mrmaster Mrmaster:
The sql statements that I write are mostly basic. I was not aware of
sql injection. I've heard the term but haven't done much research into
it. I'll definitely research more into it.
Uh-oh. In this case a good overview and starting point
might be SQL injection - Wikipedia
— Shot
···
--
Some humans would do anything to see if it was possible to do
it. If you put a large switch in some cave somewhere, with a sign
on it saying ‘End-of-the-World Switch. PLEASE DO NOT TOUCH’, the
paint wouldn’t even have time to dry. [Terry Pratchett]
You only really need to worry about SQL injection if you're getting the data from an untrusted source. If you're building a web app and are getting data from a text box on a web site, you're at extreme risk. If you're only building a personal tool that won't be deployed anywhere interesting, you're only at a mild risk.
Still, it's good practice to never build executable / SQL statements by concatenation or interpolation, and instead use placeholders and parameter binding, as in the DBI module:
dbh.do("INSERT INTO people (id, name, height) VALUES(?, ?, ?)", nil, "Na'il", 76)
Ben
···
On Sep 17, 2009, at 17:59, Shot (Piotr Szotkowski) wrote:
Uh-oh. In this case a good overview and starting point
might be SQL injection - Wikipedia