I am trying to enter a letter given by the get request into a Like statment in tails 3. So far I have the following code:
@entries = Entry.where("key LIKE '?%'", params[:letter]).order(:key)
Problem is it is creating the wrong kind of sql query adding quotation marks around the injected letter. it creates the following sql for :letter => 'a':
SELECT "entries".* FROM "entries" WHERE (key LIKE ''a'%') ORDER BY key
Instead of:
SELECT "entries".* FROM "entries" WHERE (key LIKE 'a%') ORDER BY key
How can I fix this?
@entries = Entry.where("key LIKE ?", "#{params[:letter]}%").order(:key)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.