find-by-sql

find_by_sql with array format in Rails 3

◇◆丶佛笑我妖孽 submitted on 2019-12-18 15:35:36

Question: Good day guys! I'm using find_by_sql() in Rails 3 to fetch records as follows.

@list=Email.find_by_sql(["SELECT * FROM Emails WHERE sent_id=?",params[:id]])

How do I modify the same statement if multiple parameters apply to the same attribute, say for example:

@list=Email.find_by_sql(["SELECT * FROM Emails WHERE (sent_id=? OR from_id=?)",params[:id],params[:id]])

Here, both the sent_id and from_id attributes receive the same parameter params[:id]. So, instead of passing the same params[:id] twice, is there

Rails, how to sanitize SQL in find_by_sql

大憨熊 submitted on 2019-12-17 16:16:53

Question: Is there a way to sanitize SQL in the Rails method find_by_sql? I've tried this solution: Ruby on Rails: How to sanitize a string for SQL when not using find? But it fails at

Model.execute_sql("Update users set active = 0 where id = 2")

It throws an error, but the SQL code is executed and the user with ID 2 now has a disabled account. A simple find_by_sql also does not work:

Model.find_by_sql("UPDATE user set active = 0 where id = 1") # => code executed, user with id 1 is now banned

Edit: Well my

Rails, how to sanitize SQL in find_by_sql

廉价感情. submitted on 2019-11-27 22:07:42

Is there a way to sanitize SQL in the Rails method find_by_sql? I've tried this solution: Ruby on Rails: How to sanitize a string for SQL when not using find? But it fails at

Model.execute_sql("Update users set active = 0 where id = 2")

It throws an error, but the SQL code is executed and the user with ID 2 now has a disabled account. A simple find_by_sql also does not work:

Model.find_by_sql("UPDATE user set active = 0 where id = 1") # => code executed, user with id 1 is now banned

Edit: Well my client requested to make that function (select by sql) in the admin panel to make some complex queries (joins,