在ruby on rails中向原始SQL查询传递参数

x6h2sr28  于 2023-10-18  发布在  Ruby
关注(0)|答案(3)|浏览(126)

我想使用rails活动记录执行一个原始SQL查询,但我的查询需要一个参数,我找不到一个合适的方法来安全地将该参数传递到查询字符串中。查询如下

  1. def self.get_branches_by_workspace_name(workspace_name)
  2.   branches = ActiveRecord::Base.connection.execute("
  3.     select
  4.       address,
  5.       phone,
  6.       email,
  7.       services
  8.     from branches as b, workspaces as w
  9.     where b.workspace_id = w.id and w.name= :workspace_name", workspace_name).to_a
  10.   return branches
  11. end

我想传递一个名为“workspace_name”的参数。有什么需要帮忙的吗?

ruby

3条答案

按热度按时间
bwntbbo3

bwntbbo31#

在您的模型中添加此方法

  1. def self.execute_sql(*sql_array)     
  2.    connection.execute(sanitize_sql_array(sql_array))
  3.   end

这将允许您在AR模型中清理和执行任意SQL
然后运行类似于下面的代码来执行SQL,返回一个哈希数组,查询返回的每行一个哈希

  1. ModelName.execute_sql("select address,phone,email,services from branches as b, workspaces as w 
  2.     where b.workspace_id = w.id and w.name= ?", workspace_name)
  4. # => [{"address"=>"...","phone"=>"...","email"=>"...","services"=>"..."}, ...]
赞(0)分享  回复(0)举报  2023-10-18
hts6caw3

hts6caw32#

在您的模型之外:

  1. ActiveRecord::Base.connection.execute(
  2.   ApplicationRecord.sanitize_sql([query, { param_1: param_1, param_2: param_2 }])
  3. )
赞(0)分享  回复(0)举报  2023-10-18
mf98qq94

mf98qq943#

在你的模型中你可以这样做

  1. sql_command = <<-SQL
  2.     SELECT address, phone, email, services
  3.     FROM branches as b, workspaces as w
  4.     WHERE b.workspace_id = w.id and w.name = :workspace_name
  5.   SQL
  7.   connection.execute(
  8.     sanitize_sql_for_assignment([sql_command, workspace_name: "whatever"])
  9.   )
赞(0)分享  回复(0)举报  2023-10-18
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com