How to preserve quotes in a Rails form submission?

How does one preserve the original quotes? The quotes are required when submitting a quoted search string, for example.

• Search form example1: ruby "new york"
• Search from example2: "new york"

Resulting params[:q]:

• for example1: "ruby \"new york\""
• for example2: "new york"

Note that Rails throws away quotes if the entire strin开发者_StackOverflow中文版g is quoted, as in example2. But in example1, the quotes are preserved since they are interspersed within the string. I need example2 to preserve the quotes so I see params[:q] as "\"new york\"".

Are you talking about sql injectioning you want to search using "test me" and not "\"test me"\".

Use following to search

@users = User.find(:all, :conditions=>["(username like :text)",{:text=>"%#{params[:search_text]}%"}]) 

This was a Rails bug that has long since been fixed.