如何将以下 SQL 查询转换为 ActiveRecord 查询以减少 SQL 注入(inject)?
jacket_colors ||= [2,21,25,20]
jacket_types = JacketType.find_by_sql(<<-SQL)
SELECT j2.*, t1.no_count
FROM jeans j2
INNER JOIN (
SELECT
j1.jean_id AS jean_id,
COUNT(j1.id) AS no_count
FROM tracks t
INNER JOIN jacket_types j1 ON j1.track_id = t.id
INNER JOIN jeans j2 ON j2.id = j1.jean_id
WHERE t.status = 0
AND j1.status IN (#{jacket_colors})
AND t.type != 'TrekkingTrack'
GROUP BY j1.jean_id
HAVING COUNT(j1.id) > 0
) t1 ON t1.jean_id = j2.id
SQL
jacket_types 因用户输入而异。
我尝试了以下方法,但这不起作用并生成了不正确的 SQL。
jacket_colors ||= [2,21,25,20]
Jean.joins(:jacket_types, :track)
.select('jeans.jacket_types_id AS jacket_types_id, COUNT(jeans.id) AS no_count').
where('jeans.status IN (?) AND tracks.status = ? AND tracks.type != ?', jacket_colors, 0, 'TrekkingTrack')
.group('jeans.jacket_types_id')
.having('COUNT(jeans.id) > ?', 0)
.select('jacket_types.*, tracks.no_count').explain
最佳答案
请尝试一下,我认为它会起作用。
Rails 查询版本:
jacket_colors ||= [2,21,25,20]
Jean.joins(:jacket_types => :track)
.where('jeans.status IN (?) AND tracks.status = ? AND tracks.type != ?',
jacket_colors, 0, 'TrekkingTrack').group('jeans.jacket_types_id')
.select('jacket_types.column1, jacket_types.column2, .....,
count(jacket_types) no_count').having("no_count > 0")
的
jacket_colors ||= [2,21,25,20]
jacket_types = JacketType.find_by_sql(<<-SQL)
SELECT j2.*, t1.no_count
FROM jeans j2
INNER JOIN (
SELECT
j1.jean_id AS jean_id,
COUNT(j1.id) AS no_count
FROM tracks t
INNER JOIN jacket_types j1 ON j1.track_id = t.id
INNER JOIN jeans j2 ON j2.id = j1.jean_id
WHERE t.status = 0
AND j1.status IN (#{jacket_colors})
AND t.type != 'TrekkingTrack'
GROUP BY j1.jean_id
HAVING COUNT(j1.id) > 0
) t1 ON t1.jean_id = j2.id
SQL
关于mysql - 将 SQL 转换为 ActiveRecord 查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22607669/