SQL 查詢連接與 AND insted OR Rails

Question

這是我的代碼

params[:user].keys.each_with_index do |key , index|
            if params[:user].values[index] != ""
                if i == 0
                @users = @event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
                else
                @users = @users.where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
                end
            end
            i = i+1
        end

這是我得到的查詢

> SELECT `users`.* FROM `users` INNER JOIN `event_users` ON `users`.`id` = `event_users`.`user_id` WHERE `event_users`.`event_id` = __ AND (networking_content IS NOT NULL AND online_status = 'online' AND networking_invisible_mode = FALSE AND users.id != ___ ) AND (country_id LIKE '%someplace%') AND (first_name LIKE '%something%') AND (last_name LIKE '%something%') AND (position LIKE '%something%') LIMIT 15 OFFSET 0

相反，我想要 AND 從最后一個被 OR 替換，我想要這樣的東西

> SELECT `users`.* FROM `users` INNER JOIN `event_users` ON `users`.`id` = `event_users`.`user_id` WHERE `event_users`.`event_id` = __ AND (networking_content IS NOT NULL AND online_status = 'online' AND networking_invisible_mode = FALSE AND users.id != ___ ) AND (country_id LIKE '%someplace%' OR first_name LIKE '%something%' OR last_name LIKE '%something%' OR position LIKE '%something%') LIMIT 15 OFFSET 0

請幫助.......

Answer 1

我設法想出了一個臨時解決方案，

params[:user].keys.each_with_index do |key , index|
            if params[:user].values[index] != ""
                if @users.nil?
                    @users = @event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
                else
                    @users = @users.or(@event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%"))
                end
            end
        end
        @users = @users.page(params[:page]).per(15)

但是還是容易出現 sql 注入不知道現在該怎么辦。