Rails ActiveRecord - Search on Multiple Attributes

ruby-on-rails ruby-on-rails-3 search activerecord sql-injection

I assumed your model name is Model - just replace it with your real model name when you do the actual query:

Model.where("name LIKE ? OR last_name LIKE ? OR first_name LIKE ?", "%#{search}%","%#{search}%","%#{search}%")

About your worries about SQL injections - both of code snippets are immune to SQL injections. As long as you do not directly embed strings into your WHERE clause you are fine. An example for injection-prone code would be:

Model.where("name LIKE '#{params[:name]}'")

ruby-on-rails ruby-on-rails-3 search activerecord sql-injection

Although the selected answer will work, I noticed that it breaks if you try to type a search "Raul Riera" because it will fail on both cases, because Raul Riera is not either my first name or my last name.. is my first and last name... I solved it by doing

Model.where("lower(first_name || ' ' || last_name) LIKE ?", "%#{search.downcase}%")

ruby-on-rails ruby-on-rails-3 search activerecord sql-injection

With Arel, you can avoid writing the SQL manually with something like this:

Model.where(  %i(name first_name last_name)    .map { |field| Model.arel_table[field].matches("%#{query}%")}    .inject(:or))

This would be particularly useful if the list of fields to match against was dynamic.

CodeHunter

Rails ActiveRecord - Search on Multiple Attributes

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last