refactored tsquery sql to use rails escaping mechanisms

2013-03-07 16:34:12 -05:00
parent b7a5612c82
commit 2338f004eb
10 changed files with 23 additions and 21 deletions
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -19,11 +19,11 @@ class Note < ActiveRecord::Base
    end
    
    def body_matches(query)
-      where("body_index @@ plainto_tsquery(?)", query.scan(/\S+/).join(" & "))
+      where("body_index @@ plainto_tsquery(E?)", query.to_escaped_for_tsquery_split)
    end
    
    def post_tags_match(query)
-      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', ?)", query)
+      joins(:post).where("posts.tag_index @@ to_tsquery('danbooru', E?)", query.to_escaped_for_tsquery_split)
    end
    
    def creator_name(name)