我想使用Rails Active Record执行一个原生的SQL查询,但是我的查询需要一个参数,我找不到一个合适的方法来安全地将该参数传递到查询字符串中。查询如下:
def self.get_branches_by_workspace_name(workspace_name)
branches = ActiveRecord::Base.connection.execute("
select
address,
phone,
email,
services
from branches as b, workspaces as w
where b.workspace_id = w.id and w.name= :workspace_name", workspace_name).to_a
return branches
end
我想传递一个名为“workspace_name”的参数。有什么帮助吗?
send
?sanitize_sql_array
方法是受保护的。 - Tonči D.