Safe ActiveRecord like query Safe ActiveRecord like query ruby ruby

Safe ActiveRecord like query


ruby activerecord ruby-on-rails-4

To ensure that your query string gets properly sanitized, use the array or the hash query syntax to describe your conditions:

Foo.where("bar LIKE ?", "%#{query}%")

or:

Foo.where("bar LIKE :query", query: "%#{query}%")

If it is possible that the query might include the % character then you need to sanitize query with sanitize_sql_like first:

Foo.where("bar LIKE ?", "%#{sanitize_sql_like(query)}%")Foo.where("bar LIKE :query", query: "%#{sanitize_sql_like(query)}%")

ruby activerecord ruby-on-rails-4

Using Arel you can perform this safe and portable query:

title = Model.arel_table[:title]Model.where(title.matches("%#{query}%"))

ruby activerecord ruby-on-rails-4

For PostgreSQL it will be

Foo.where("bar ILIKE ?", "%#{query}%")

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last