search for a vehicle by vin, make, model, or year, plus sql sanitization

2026-04-02 07:01:59 -04:00 · 2026-02-21 08:33:59 -05:00
parent a73b6cd438
commit 6db87dd551
3 changed files with 6 additions and 5 deletions
--- a/app/models/vehicle.rb
+++ b/app/models/vehicle.rb
@@ -50,9 +50,10 @@ class Vehicle < ActiveRecord::Base
    write_attribute(:vin, val)
  end
  
-  # search for a vin
-  def self.search(search)
-    where("vin LIKE ?", "%#{search}%")
+  # search for a vehicle by vin, make, model, or year
+  def self.search(query)
+    q = sanitize_sql_like(query)
+    where("vin LIKE ? OR make LIKE ? OR model LIKE ? OR year LIKE ?", "%#{q}%", "%#{q}%", "%#{q}%", "%#{q}%") 
  end
 	
  # decodes a vin and updates self