参数化加入Rails 4 [英] Parametrized join in Rails 4
本文介绍了参数化加入Rails 4的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在做手册join
,我需要将参数传递给它的ON
子句:
I am doing manual join
and I need to pass a parameter to its ON
clause:
Foo.joins("LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = #{baz}")
是否有一种方法可以传递baz
作为参数,以避免潜在的注入问题?有一种方法sanitize_sql_array
,但是我不确定在这种情况下如何使用它.
Is there a way to pass baz
as a parameter, to avoid potential injection problems? There is a method sanitize_sql_array
, but I'm not sure how to make use of it in this case.
注意:我不能使用where
,因为它不一样.
Note: I can't use where
because it's not the same.
推荐答案
使用sanitize_sql_array,结果将是:
With sanitize_sql_array, that would be:
# Warning: sanitize_sql_array is a protected method, be aware of that to properly use it in your code
ar = ["LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = %s", baz]
# Within foo model:
sanitized_sql = sanitize_sql_array(ar)
Foo.joins(sanitized_sql)
尝试了一下,就奏效了.
Tried it and it worked.
这篇关于参数化加入Rails 4的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文