参数化加入Rails 4 [英] Parametrized join in Rails 4

问题描述

我正在做手册join，我需要将参数传递给它的ON子句:

I am doing manual join and I need to pass a parameter to its ON clause:

Foo.joins("LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = #{baz}")

是否有一种方法可以传递baz作为参数，以避免潜在的注入问题?有一种方法sanitize_sql_array，但是我不确定在这种情况下如何使用它.

Is there a way to pass baz as a parameter, to avoid potential injection problems? There is a method sanitize_sql_array, but I'm not sure how to make use of it in this case.

注意:我不能使用where，因为它不一样.

Note: I can't use where because it's not the same.

推荐答案

使用sanitize_sql_array，结果将是:

With sanitize_sql_array, that would be:

# Warning: sanitize_sql_array is a protected method, be aware of that to properly use it in your code
ar = ["LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = %s", baz]
# Within foo model:
sanitized_sql = sanitize_sql_array(ar)
Foo.joins(sanitized_sql)

尝试了一下，就奏效了.

Tried it and it worked.

这篇关于参数化加入Rails 4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！