Replace example with SQL placeholder syntax.

This works just fine, is less code, and reduces the risk of someone implementing a SQL injection vulnerability.
author: Joost Baaij <joost@spacebabies.nl> 2011-11-08 16:27:15 +0100
committer: Joost Baaij <joost@spacebabies.nl> 2011-11-08 16:27:15 +0100
commit: 1ffd5ec91069167043c8ecd0d949098f566d88eb (patch)
tree: ea9c0a74da33bb460e53967c2da5d814b47c1ade /railties/guides/source
parent: 979f3f894bf1034d4e9ee5ab9e285713f63c2824 (diff)
download: rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.tar.gz
rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.tar.bz2
rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/association_basics.textile b/railties/guides/source/association_basics.textile
index 6829eb8ef4..451653655f 100644
--- a/railties/guides/source/association_basics.textile
+++ b/railties/guides/source/association_basics.textile
@@ -1234,7 +1234,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
 <ruby>
 class Customer < ActiveRecord::Base
   has_many :latest_orders, :class_name => "Order",
-    :conditions => proc { "orders.created_at > #{10.hours.ago.to_s(:db).inspect}" }
+    :conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
 end
 </ruby>
author	Joost Baaij <joost@spacebabies.nl>	2011-11-08 16:27:15 +0100
committer	Joost Baaij <joost@spacebabies.nl>	2011-11-08 16:27:15 +0100
commit	1ffd5ec91069167043c8ecd0d949098f566d88eb (patch)
tree	ea9c0a74da33bb460e53967c2da5d814b47c1ade /railties/guides/source
parent	979f3f894bf1034d4e9ee5ab9e285713f63c2824 (diff)
download	rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.tar.gz rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.tar.bz2 rails-1ffd5ec91069167043c8ecd0d949098f566d88eb.zip