Mla*_*vić 14 parameters ruby-on-rails left-join ruby-on-rails-4
我正在做手动join,我需要将一个参数传递给它的ON子句:
Foo.joins("LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = #{baz}")
有没有办法baz作为参数传递,以避免潜在的注入问题?有一种方法sanitize_sql_array,但我不知道在这种情况下如何使用它.
注意:我不能使用,where因为它不一样.
Kul*_*gar 13
使用sanitize_sql_array,那将是:
# Warning: sanitize_sql_array is a protected method, be aware of that to properly use it in your code
ar = ["LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = %s", baz]
# Within foo model:
sanitized_sql = sanitize_sql_array(ar)
Foo.joins(sanitized_sql)
尝试过,它有效.
ddg*_*dgd 10
活动记录模型有sanitize类方法,所以你可以这样做:
Foo.joins("LEFT OUTER JOIN bars ON foos.id = bars.foo_id AND bars.baz = #{Foo.sanitize(baz)}")
__
它已被删除起始轨道5.1,ActiveRecord::Base.connection.quote()而是使用
| 归档时间: |
|
| 查看次数: |
4029 次 |
| 最近记录: |