How to use the '?' symbol in a MySQL select in Ruby On Rails?
Question
I need to get the pertinence of a MySQL Fulltext search in my Rails 4.2 app. So I need an alias (pertinence) in the select clause.
The problem is to use the '?' symbol as in a where clause, but in a select:
Model.select("articles.*, MATCH (name) AGAINST (? IN BOOLEAN MODE) AS pertinence", @search).where(...).order("pertinence DESC")
If I do:
Model.select('articles.*, MATCH (name) AGAINST ("' + @search + '" IN BOOLEAN MODE) AS pertinence').where(...).order("pertinence DESC")
I can have issues with quotes in @search (no sanitization) and SQL injection.
So how to perform this kind of queries with Active Record ?
Thanks
1 answers
solution1
1 ACCPTED 2016-02-17 04:42:38
You can manually sanitize the search parameter.
search_param = ActiveRecord::Base::sanitize(@search)
Model.select("articles.*, MATCH (name) AGAINST (#{search_param} IN BOOLEAN MODE) AS pertinence").where(...).order("pertinence DESC")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to use the load command with MySQL in Ruby/Rails?
Ruby on Rails: “SELECT” MySQL command
How to use SELECT DISTINCT ON with MySQL and Rails
How to connect Ruby on Rails to MySQL using ruby-mysql [on hold]
Can i use MAMP (MySQL) or XAMPP (MySQL) with Ruby on Rails 3?
Ruby on Rails export to csv - maintain mysql select statement order
Ruby on Rails MySQL select page undefined method `each' for nil:NilClass
how to check the mysql connectivity in ruby on rails
How to escape for MYSQL queries from Ruby on Rails?
How do you connect MySQL to Ruby on Rails?
Related Tags