rails - In some places (for example inside .order('xx')), you need to use an Arel.sql('xx') statement
Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s)
So you cannot write this directly in Ruby code: MyModel.order("#{params[:order_by_column]} #{params[:asc_or_desc]}")
Instead, you need to write it like this: MyModel.order(Arel.sql("#{params[:order_by_column]} #{params[:asc_or_desc]}"))
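
Arel.sql only marks a string as trusted SQL and does not escape it, so request parameters should be mapped through an allowlist before they are wrapped. The following is an added example, not code from the original post; the sort keys, column names and the `fetch_param` / `safe_order_clause` helpers are assumptions for illustration.

```ruby
# Added example: build the ORDER BY fragment from an allowlist, so only
# strings written by the developer ever reach Arel.sql.
# The public sort keys and SQL expressions below are hypothetical.
SORT_EXPRESSIONS = {
  "id"      => "id",
  "name"    => "LOWER(name)",   # a non-attribute expression, which is why Arel.sql is needed
  "created" => "created_at"
}.freeze

SORT_DIRECTIONS = { "asc" => "ASC", "desc" => "DESC" }.freeze

# Reads a parameter by symbol or string key and normalises it.
# Anything that is not a plain String (array, nested hash, nil) is rejected.
def fetch_param(params, key)
  value = params[key] || params[key.to_s]
  value.is_a?(String) ? value.strip.downcase : nil
end

# Returns an ORDER BY fragment made only of allowlisted pieces.
# Unknown or malformed input falls back to "id ASC".
def safe_order_clause(params)
  expression = SORT_EXPRESSIONS.fetch(fetch_param(params, :order_by_column),
                                      SORT_EXPRESSIONS["id"])
  direction  = SORT_DIRECTIONS.fetch(fetch_param(params, :asc_or_desc), "ASC")
  "#{expression} #{direction}"
end

# Assumed usage inside a Rails controller:
#   MyModel.order(Arel.sql(safe_order_clause(params)))

if __FILE__ == $0
  # Constructed sample inputs.
  puts safe_order_clause({ order_by_column: "name", asc_or_desc: "desc" })
  puts safe_order_clause({ order_by_column: "name, (SELECT 1)", asc_or_desc: "x" })
end
```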