1. 首页
  2. 问答
  3. Rails新手:在activerecord中添加条件?

Rails新手:在activerecord中添加条件?

2010-12-03 63 views
0

我有一个用于过滤查询的表单。某些表单属性是可选的;我只是想知道如何将它们附加为主动记录条件,如果(且仅当)它们具有设定值时?Rails新手:在activerecord中添加条件?

其中有相当一部分人,所以我宁愿不对每种潜在价值模式进行单独查询。有什么建议么?

举一个具体的例子:

people = People.paginate(
    :all, 
    :include => [:people_postcodes, :people_specialties, :people_states], 
    :conditions => ["people_specialties.people_type_id = %s AND (people_postcodes.postcode_id = %s OR people_states.state_id = %s)" % [self.people_type_id, postcodeid.id, stateid]], 
    :page => page, 
    :per_page => 16 
)

我将如何最好的去创造只有在可选的“国籍”属性填充一个额外的条件(说“国籍”)?

来源

2010-12-03 PlankTon

回答

2

首先,你的条件有点不安全。你正在做基本的ruby文本替换,这会让站点用户注入他们想要的任何恶意的sql。相反,格式化如下:

people = People.paginate(
    :all, 
    :include => [:people_postcodes, :people_specialties, :people_states], 
    :conditions => ["people_specialties.people_type_id = ? AND (people_postcodes.postcode_id = ? OR people_states.state_id = ?)", self.people_type_id, postcodeid.id, stateid], 
    :page => page, 
    :per_page => 16 
)

要回答你的问题,没有自然的方法来处理Rails 2.x中的另一个条件。我会这样做:

conditions = ["people_specialties.people_type_id = ? AND (people_postcodes.postcode_id = ? OR people_states.state_id = ?)", self.people_type_id, postcodeid.id, stateid] 

if params[:nationality] 
    conditions.first += " and nationality = ?" 
    conditions.push params[:nationality] 
end 

people = People.paginate(
    :all, 
    :include => [:people_postcodes, :people_specialties, :people_states], 
    :conditions => conditions, 
    :page => page, 
    :per_page => 16 
)

在上面的例子中,我假设国籍作为参数传入,但根据需要进行调整。我创建了原始条件数组,然后追加第一个元素(实际条件字符串)并在数组的末尾添加一个元素:国籍值。

我希望这有助于!

来源

2010-12-03 06:00:18

+0

+1为SQL注入信息。希望那里有一个叫做“危险代码”的标签(?),以便新手(和一些老年人)知道代码是“危险的”。 – Zabba 2010-12-03 06:02:38

相关问题

 相关问题