Value isn't appended in puts statement(appears on next line)

Mrmaster Mrmaster

Hello,

I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line?
I am completely lost and would appreciate the help. Thanks

File.open("directory") do |file|
while somedigit = file.gets
puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
end
end

OUTPUT:
-----------------------------------------------------------------
SQL STATEMENT I MADE UP ='000017383712
'
SQL STATEMENT I MADE UP ='000017383738
'
SQL STATEMENT I MADE UP ='000017384033
'
SQL STATEMENT I MADE UP ='000053598777
'

OUTPUT should look like:
-----------------------------------------------------------------
SQL STATEMENT I MADE UP ='000017383712'
SQL STATEMENT I MADE UP ='000017383738'
SQL STATEMENT I MADE UP ='000017384033'
SQL STATEMENT I MADE UP ='000053598777'
 
Jesús Gabriel y Galán

Hello,

I have a small script which reads each line from a txt file and appends
it to the puts statement. My problem is that the last single quotation
mark appears on a new line. How would I make it appear on the same line?
I am completely lost and would appreciate the help. Thanks

File.open("directory") do |file|
        while somedigit = file.gets

p somedigit
                puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
        end
end

I think this will give you a clue on what's going on, and how to move on:

File.open("directory") do |file|
  while somedigit = file.gets
    somedigit.chomp!
    puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"
  end
end

In summary, gets returns the \n at the end of the line, so you should remove it.

Hope this helps,

Jesus.
 
Mrmaster Mrmaster

Jesus you are awesome, your solution worked great. Thank you for the
help.
 
Gary Wright

puts "SQL STATEMENT I MADE UP ='"+somedigit+"'"

A more idiomatic version of that would be:

puts "SQL STATEMENT I MADE UP '#{somedigit}'"

Gary Wright
 
Mrmaster Mrmaster

Gary said:
A more idiomatic version of that would be:

puts "SQL STATEMENT I MADE UP '#{somedigit}'"

Gary Wright

Hi Gary,

I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n
 
Jesús Gabriel y Galán

Gary said:
Hi Gary,

I tried it your way and it still gives me a new line. I think you still
have to chomp it since the value returned is somedigit\n

Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.

Jesus.
 
Mrmaster Mrmaster

Jesús Gabriel y Galán said:
Sure, he was just pointing out that string interpolation is more
idiomatic than string concatenation for cases like this one.

Jesus.

You're right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.
 
Gary Wright

You're right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.


My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be *very* careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren't
careful (e.g. http://xkcd.com/327/).

Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.

For example in Rails:
:conditions => ['name = ?', name]
vs.
:conditions => "name = '#{name}'"

Gary Wright
 
Mrmaster Mrmaster

Gary said:
You're right and sorry about that Gary. I misunderstood what you were
trying to show me :). I deal with a lot of cases where values have to be
inserted into sql statement and string interpolation is definitely a
better and cleaner approach.


My comment was just about interpolation vs. concatenation in
general but in the specific case of constructing SQL statements,
I would be *very* careful with string interpolation. It is
quite easy to create an SQL injection vector if you aren't
careful (e.g. http://xkcd.com/327/).

Most SQL frameworks provide a mechanism for constructing
parameterized SQL statements that is almost always better
than constructing the statements via string interpolation.

For example in Rails:
:conditions => ['name = ?', name]
vs.
:conditions => "name = '#{name}'"

Gary Wright

The sql statements that I write are mostly basic. I was not aware of sql
injection. I've heard the term but haven't done much research into it.
I'll definitely research more into it. Thanks for the great advice.
 
Ben Giddings

Uh-oh. In this case a good overview and starting point
might be http://en.wikipedia.org/wiki/SQL_injection

You only really need to worry about SQL injection if you're getting
the data from an untrusted source. If you're building a web app and
are getting data from a text box on a web site, you're at extreme
risk. If you're only building a personal tool that won't be deployed
anywhere interesting, you're only at a mild risk.

Still, it's good practice to never build executable / SQL statements
by concatenation or interpolation, and instead use placeholders and
parameter binding, as in the DBI module:

dbh.do("INSERT INTO people (id, name, height) VALUES(?, ?, ?)", nil,
       "Na'il", 76)

Ben
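
The placeholder approach Gary and Ben describe, applied to the original file-reading script, as an added example that is not part of the thread. The table and column names, the 12-digit ID format and the sample input are assumptions constructed for illustration.

```ruby
require "stringio"

# Constructed sample input: two IDs like those in the thread (one with a
# Windows line ending), a blank line, and Ben's example value "Na'il".
SAMPLE_TEXT = "000017383712\n000017383738\r\n\nNa'il\n"

# Hypothetical table and column; the value never becomes part of this text.
TEMPLATE = "SELECT * FROM accounts WHERE id = ?"

# Assumption: valid IDs are exactly 12 digits, as in the thread's output.
ID_FORMAT = /\A\d{12}\z/

# The pattern discussed in the thread: the value is spliced into the SQL text.
def interpolated(value)
  "SELECT * FROM accounts WHERE id = '#{value}'"
end

# True when the single quotes in the statement pair up.
def balanced_quotes?(sql)
  sql.count("'").even?
end

# Reads one value per line and returns [statements, rejected].
# Each statement is [template, binds], ready for a call shaped like
# Ben's dbh.do(sql, *binds); nothing here talks to a database.
def build_statements(io)
  statements = []
  rejected = []
  io.each_line do |line|
    value = line.chomp # strips "\n" and "\r\n"
    next if value.empty?
    if value.match?(ID_FORMAT)
      statements << [TEMPLATE, [value]]
    else
      rejected << value
    end
  end
  [statements, rejected]
end

if __FILE__ == $PROGRAM_NAME
  statements, rejected = build_statements(StringIO.new(SAMPLE_TEXT))
  statements.each { |sql, binds| puts "#{sql}  binds=#{binds.inspect}" }
  rejected.each do |value|
    puts "rejected #{value.inspect}; interpolated form balanced? " \
         "#{balanced_quotes?(interpolated(value))}"
  end
end
```

The statement text is identical for every input line; only the bind array changes, which is why a value containing an apostrophe cannot alter the query's structure.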
 
