Michael J. I. Jackson wrote:
> Sorry, it was just a guess! Those place holders are obviously only for
> user values then. You'll just have to use quote_column_name to
> interpolate the string manually.

Or keep it simple:

    def col(colname)
      raise ArgumentError, "Bad column name" unless colname =~ /\A\w+\z/
      colname
    end

    Address.find(:all, :conditions => ["#{col(c)} LIKE ?","Luehr" ])

Personally I would be uncomfortable allowing users to query on 
absolutely any column, even one that I had not indexed or was perhaps 
used for internal or auditing purposes. So I would prefer:

    ALLOWED_COLS = {
      'first_name' => true,
      'last_name' => true,
    }.freeze
    def col(colname)
      raise ArgumentError, "Bad column name" unless 
ALLOWED_COLS[colname]
      colname
    end
-- 
Posted via http://www.ruby-forum.com/.