I'm also working with databases at the moment, and the documentation here explains how it's done:
Ruby DBI provides a placeholder mechanism that allows you to avoid including data values literally in a query string. Instead, you use special markers within the statement to indicate where the data values go. When you execute the statement, you provide values to be bound to the placeholders. DBI substitutes the values into the statement where the placeholders appear, performing any quoting of string values and escaping of special characters as necessary. This makes it easy to construct statements without having to know whether or not the values contain special characters, and without having to do any quote processing yourself. The placeholder mechanism also properly handles NULL values; just provide nil as a data value and it will be placed into the statement as an unquoted NULL value.
The following example illustrates how this works. Suppose you want to add a new row to the people table for someone named Na'il (a name that includes a quote), who is 76 inches tall. To indicate where the data values go in the INSERT statement, use '?' placeholder markers (without any surrounding quotes), and provide the data values as additional arguments to do following the statement:
dbh.do("INSERT INTO people (id, name, height) VALUES(?, ?, ?)",
       nil, "Na'il", 76)
The resulting statement produced by do and sent to the server looks like this:
INSERT INTO people (id,name,height) VALUES(NULL,'Na\'il',76)
I haven't tried it myself, but to me it sounds like exactly your problem.
I got it from here: http://www.kitebird.com/articles/ruby-dbi.html#TOC_1
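
Added example (not part of the post, the quoted article, or DBI's source): a pure-Ruby model of the substitution the quoted documentation describes, run beside naive string interpolation on the same Na'il row. The helper names (quote_value, bind, naive_insert, literals_closed?) are hypothetical, and the MySQL-style backslash escaping is an assumption taken from the output shown in the quote.

```ruby
# Model of client-side placeholder binding (illustration, not DBI's code).
# Assumption: MySQL-style backslash escaping, as in the output quoted above.

LITERAL = /'(?:\\.|''|[^'\\])*'/   # one complete quoted SQL string literal

# Render one Ruby value as an SQL literal.
def quote_value(value)
  case value
  when nil            then "NULL"                       # unquoted NULL
  when Integer, Float then value.to_s                   # numbers stay bare
  when String         then "'" + value.gsub(/[\\']/) { |c| "\\" + c } + "'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each '?' that sits outside a quoted literal with the next value.
def bind(statement, *values)
  pending = values.dup
  sql = statement.gsub(/#{LITERAL}|\?/) do |token|
    next token unless token == "?"                      # skip 'why?' literals
    raise ArgumentError, "too few bind values" if pending.empty?
    quote_value(pending.shift)
  end
  raise ArgumentError, "too many bind values" unless pending.empty?
  sql
end

# The pattern placeholders replace: data pasted straight into the string.
def naive_insert(name, height)
  "INSERT INTO people (id, name, height) VALUES(NULL, '#{name}', #{height})"
end

# True when every quote in the statement belongs to a complete literal.
def literals_closed?(sql)
  !sql.gsub(LITERAL, "").include?("'")
end

# Constructed sample input: the row from the quoted documentation.
stmt  = "INSERT INTO people (id, name, height) VALUES(?, ?, ?)"
bound = bind(stmt, nil, "Na'il", 76)
naive = naive_insert("Na'il", 76)
puts bound, literals_closed?(bound)
puts naive, literals_closed?(naive)
```

The bound statement keeps the name inside one closed literal, while the interpolated one leaves a dangling quote that the server would parse as the end of the string.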