使用rails搜索数组整数列
[英]Searching through array integer column with rails
问题描述
in my app I have table users that have the following column: 
在我的应用程序中,我具有具有以下列的表用户:
t.integer "administrations", array: true
and I have code that looks like this: 我有看起来像这样的代码:
User.where("administrations::int[] = ARRAY[#{administration_ids.join(',') }]::int[]")
but it is vulnerable for sql injection. 但是它容易受到sql注入的攻击。 I was trying to rewrite those to something like that: 我试图将它们重写为类似的内容:
User.where("administrations::int[] = ?", "ARRAY[#{administration_ids.join(',') }]::int[]")
but this not works... 但这行不通...
It returns: 它返回:
PG::InvalidTextRepresentation: ERROR: array value must start with "{" or dimension information
2 个解决方案
解决方案1
1 2015-07-21 19:31:12
would 将
User.where("administrations::int[] = ARRAY[?]::int[]", administration_ids.join(','))
work? 工作?
解决方案2
0 2015-07-21 19:37:12
也像这样的工作:
User.where(administrations: '{15,26,62,89,121}')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Rails搜索数组列和SQL注入 - Rails searching through array column and SQL injection
Rails列与整数数组的关联 - Rails column association with integer array
Rails 3使用数组搜索字符串 - Rails 3 Searching through a string using an array
使用rails迁移错误添加整数数组列 - Adding integer array column with rails migration error
Rails 迁移 - 将整数列更改为数组整数 - Postgres - Rails Migration - Change Integer Column to Array Integer - Postgres
在rails中将字符串列数组转换为整数列数组 - Transforming an array of strings column to an array of integer column in rails
在 Rails 中搜索表连接 - Searching through Table connections in Rails
在Rails中搜索大型数据集 - Searching through large dataset in Rails
Rails:通过关联搜索(查询) - Rails: Searching (query) through associations
优化Rails数据库搜索 - Optimize Searching Through Rails Database
相关标签