0

I have this model

class Post < ActiveRecord::Base
  attr_accessible :content, :title, :user_id

  belongs_to :user

  def self.text_search(query)
    if query.present?
      rank = <<-RANK
        ts_rank(to_tsvector(title), plainto_tsquery(#{sanitize(query)})) +
        ts_rank(to_tsvector(content), plainto_tsquery(#{sanitize(query)}))
      RANK
      where("to_tsvector('english', title) @@ :q or
        to_tsvector('english', content) @@ :q", q: sanitize(query)).order("#{rank} desc")
    else
      scoped
    end 
  end 

end

and I have this method call

Post.text_search("Where is the safest place")

Question: why is it that it that the query does not escape the double quotes when being called in SQL? As shown here:

  Post Load (2.4ms)  SELECT "posts".* FROM "posts" WHERE (to_tsvector('english', title) @@ '''Where is the safest place''' or
 to_tsvector('english', content) @@ '''Where is the safest place''') ORDER BY ts_rank(to_tsvector(title), plainto_tsquery('Where is the safest place')) +
 ts_rank(to_tsvector(content), plainto_tsquery('Where is the safest place'))
4

1 回答 1

1

刚刚将 ":q" 绑定包装在 "plainto_tsquery()" 中

where("to_tsvector('english', title) @@ :q or
        to_tsvector('english', content) @@ plainto_tsquery(:q)", q: query).order("#{rank} desc")
于 2013-03-29T10:13:15.947 回答