![](/img/trans.png)
[英]How to write this sql query in Ruby Join query (Ruby on Rails)
[英]SQL query join with AND insted OR Rails
這是我的代碼
params[:user].keys.each_with_index do |key , index|
if params[:user].values[index] != ""
if i == 0
@users = @event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
else
@users = @users.where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
end
end
i = i+1
end
這是我得到的查詢
> SELECT `users`.* FROM `users` INNER JOIN `event_users` ON `users`.`id` = `event_users`.`user_id` WHERE `event_users`.`event_id` = __ AND (networking_content IS NOT NULL AND online_status = 'online' AND networking_invisible_mode = FALSE AND users.id != ___ ) AND (country_id LIKE '%someplace%') AND (first_name LIKE '%something%') AND (last_name LIKE '%something%') AND (position LIKE '%something%') LIMIT 15 OFFSET 0
相反,我想要 AND 從最后一個被 OR 替換,我想要這樣的東西
> SELECT `users`.* FROM `users` INNER JOIN `event_users` ON `users`.`id` = `event_users`.`user_id` WHERE `event_users`.`event_id` = __ AND (networking_content IS NOT NULL AND online_status = 'online' AND networking_invisible_mode = FALSE AND users.id != ___ ) AND (country_id LIKE '%someplace%' OR first_name LIKE '%something%' OR last_name LIKE '%something%' OR position LIKE '%something%') LIMIT 15 OFFSET 0
請幫助.......
我設法想出了一個臨時解決方案,
params[:user].keys.each_with_index do |key , index|
if params[:user].values[index] != ""
if @users.nil?
@users = @event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%")
else
@users = @users.or(@event.users.where("networking_content IS NOT NULL AND online_status = ? AND networking_invisible_mode = ? AND users.id != ? ","online",false,current_user.try(:id)).where("#{key} LIKE ?", "%#{params[:user].values[index]}%"))
end
end
end
@users = @users.page(params[:page]).per(15)
但是還是容易出現 sql 注入不知道現在該怎么辦。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.