我正面临着数据中存在这样的问题。搜索时不显示数据。我想删除SQL注入问题 代码::MySql Query ::如何解决数据中的问题,当查询被触发时
@search_condition = ""
if !search_text.nil?
search_field = search_text.split("-")
@search_condition = "(address_books.organization_name like '#{search_text}%' or address_books.business_name like '#{search_text}%' or address_books.federal_tax_id like '#{search_text}%' or address_books.city like '#{search_text}%' or address_books.zip like '#{search_text}%') " if search_field.length == 1
if search_text.include? "-"
if search_field.length <= 1
@search_condition = " (address_books.organization_name like '%" + search_field[0] + "%' "
@search_condition += " or address_books.business_name like '%" + search_field[1] + "%' "
@search_condition += " or address_books.federal_tax_id like '%" + search_field[2] + "%' "
@search_condition += " or address_books.city like '%" + search_field[3] + "%' "
@search_condition += " or address_books.zip like '%" + search_field[4] + "%') "