Say*_*awy 4 ruby sql postgresql activerecord ruby-on-rails
我想使用rails活动记录执行原始SQL查询,但是我的查询使用了一个参数,但是我找不到合适的方法来将该参数安全地传递到查询字符串中。查询如下
def self.get_branches_by_workspace_name(workspace_name)
branches = ActiveRecord::Base.connection.execute("
select
address,
phone,
email,
services
from branches as b, workspaces as w
where b.workspace_id = w.id and w.name= :workspace_name", workspace_name).to_a
return branches
end
我想传递一个名为“ workspace_name”的参数。有什么帮助吗?
use*_*467 11
在你的模型之外:
ActiveRecord::Base.connection.execute(
ApplicationRecord.sanitize_sql([query, { param_1: param_1, param_2: param_2 }])
)
小智 7
在您的模型中添加此方法
def self.execute_sql(*sql_array)
connection.execute(send(:sanitize_sql_array, sql_array))
end
这将使您在AR模型中清理并执行任意SQL
然后只需这样做
ModelName.execute_sql("select address,phone,email,services from branches as b, workspaces as w
where b.workspace_id = w.id and w.name= ?", workspace_name)
在你的模型中你可以这样做
sql_command = <<-SQL
SELECT address, phone, email, services
FROM branches as b, workspaces as w
WHERE b.workspace_id = w.id and w.name = :workspace_name
SQL
connection.execute(
sanitize_sql_for_assignment([sql_command, workspace_name: "whatever"])
)
| 归档时间: |
|
| 查看次数: |
5237 次 |
| 最近记录: |