0

我想使用活动记录进行此查询,以便使查询免受注入。数据库是 Postgresql。Ruby on Rails 3.2.11

 def find_possible_duplicates(last_name, date_of_birth, organisation_id)
    find_by_sql( 'select c.* from clients c' +
                 ' join locations l on c.location_id = l.id' +
                 " where c.last_name ILIKE #{last_name}" +
                 " and c.date_of_birth = #{date_of_birth}" +
                 " and l.organisation_id = #{organisation_id}" 
 end

任何帮助表示赞赏

4

1 回答 1

2

以下是 Active Record 查询:

 Client.select('clients.*').
 joins('join locations on clients.location_id=locations.id').
 where('last_name like ? and date_of_birth =? and organisation_id = ?',last_name,date_of_birth,organisation_id)
于 2013-01-14T06:27:10.593 回答