1

I ran an insert statement in Ruby on Rails, but it failed. This is the code:

    class BookmarkController < ApplicationController
      def index

        if request.post?
          @user_new = Bookmark.new(params[:user_new])
          tags = @user_new.tags.split(",")
          @user_new = Bookmark.new(params[:user_new])
          query = "INSERT INTO bookmark (title , url, tags) VALUES (#{@user_new.title}, #{@user_new.url}, #{tags[0]})  "

          Bookmark.connection.execute(query);

        end

      end
    end

But the output is:

ActiveRecord::StatementInvalid in BookmarkController#index

SQLite3::SQLException: near ".": syntax error: INSERT INTO bookmark (title , url, tags) VALUES (abhir, www.mrabhiram.tumblr.com, tumblr)  

Can anyone suggest the proper way to insert records using an SQL insert statement?

Abhi Ram A
  • Raw SQL should never be in the controller. Also, you're duplicating functionality that comes with ActiveRecord. I recommend reading the [ActiveRecord guide](http://guides.rubyonrails.org/active_record_querying.html). – Mark Thomas Dec 13 '12 at 10:26

3 Answers

2

Assuming Bookmark is subclassed from ActiveRecord, AR will save this for you - no need to write custom SQL - the save method will take care of this. You can read more about relevant ActiveRecord functionality here

    class BookmarkController < ApplicationController
      def index

        if request.post?
          @user_new = Bookmark.new(params[:user_new])
          tags = @user_new.tags.split(",")
          @user_new = Bookmark.new(params[:user_new])
          #query = "INSERT INTO bookmark (title , url, tags) VALUES (#{@user_new.title}, #{@user_new.url}, #{tags[0]})  "

          #Bookmark.connection.execute(query);
          # The save method will insert the record into the database.
          @user_new.save()

        end

      end
    end

Scott S
2

You can write

    Model.connection.insert("INSERT INTO table_name(fields) VALUES('value')")

It's working...

Mandeep Singh
0

You need quotes on your 'values' data. Something like:

    query = "INSERT INTO bookmark (title , url, tags) VALUES ('#{@user_new.title}', '#{@user_new.url}', '#{tags[0]}')  "

Michael Durrant
  • Don’t use this code! It is a classic example of SQL injection. Your users will be able to execute arbitrary SQL commands on your database. – Simon Perepelitsa Apr 13 '15 at 12:23
  • This answer will work here and is correct syntax, but as mentioned, you wouldn't want to do it here because it is unsafe and there are much better Rails ways to accomplish the same thing. – bigtex777 Aug 07 '17 at 18:22
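
Why the quoted-interpolation query above is flagged as unsafe, shown as an added example that is not part of any answer on this page (plain Ruby, no Rails or database needed). `quote_literal` and `values_as_parsed` are hypothetical helpers, a stand-in for adapter quoting and a minimal scanner rather than SQLite's parser, and all inputs are constructed.

```ruby
# Builds the statement the way the quoted-interpolation answer does.
def interpolated_insert(title, url, tag)
  "INSERT INTO bookmark (title, url, tags) VALUES ('#{title}', '#{url}', '#{tag}')"
end

# Hypothetical stand-in for adapter quoting: double every single quote.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

def quoted_insert(title, url, tag)
  values = [title, url, tag].map { |v| quote_literal(v) }.join(", ")
  "INSERT INTO bookmark (title, url, tags) VALUES (#{values})"
end

# Minimal scanner (an assumption, not SQLite's parser): returns the VALUES
# literals as a database would read them, or nil if the list is malformed.
def values_as_parsed(sql)
  rest = sql[/VALUES\s*\((.*)\z/m, 1] or return nil
  values = []
  i = 0
  loop do
    i += 1 while rest[i] == " "
    return nil unless rest[i] == "'"
    i += 1
    literal = +""
    loop do
      return nil if i >= rest.length       # unterminated literal
      if rest[i] == "'"
        break unless rest[i + 1] == "'"    # a lone quote closes the literal
        literal << "'"                     # '' is an escaped quote
        i += 2
      else
        literal << rest[i]
        i += 1
      end
    end
    values << literal
    i += 1                                 # step past the closing quote
    i += 1 while rest[i] == " "
    case rest[i]
    when "," then i += 1
    when ")" then return rest[(i + 1)..].strip.empty? ? values : nil
    else return nil
    end
  end
end

p values_as_parsed(interpolated_insert("O'Reilly", "example.test", "books")) # constructed input
p values_as_parsed(quoted_insert("x', 'y", "example.test", "books"))         # constructed input
```

With interpolation, an apostrophe in the data either breaks the statement or changes how many values the database sees; with quoting, every input round-trips as a single value. In a Rails application the `save` call from the first answer handles this for you.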