[英]Upgrade to Rails 4.2.0: string literals in where conditions wrapped into quotation marks
[英]Rails string injection adds quotations marks
我正在嘗試將由get請求給出的字母輸入到尾部3的Like語句中。到目前為止,我具有以下代碼:
@entries = Entry.where("key LIKE '?%'", params[:letter]).order(:key)
問題是它正在創建錯誤類型的sql查詢,並在注入的字母周圍添加了引號。 它為:letter =>'a'創建以下sql:
SELECT "entries".* FROM "entries" WHERE (key LIKE ''a'%') ORDER BY key
代替:
SELECT "entries".* FROM "entries" WHERE (key LIKE 'a%') ORDER BY key
我怎樣才能解決這個問題?
@entries = Entry.where("key LIKE ?", "#{params[:letter]}%").order(:key)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.