SQL query IN using a Ruby array

I have an array in Ruby 2.0.0, `@temp = [3, 4]`, and I want to use it in an SQL IN statement. So I want to remove the brackets (`[`, `]`).

My SQL query:
```
SELECT E.id,E.name, CEU.attempt, E.total_mark, CEU.has_attended as attendance, CE.id as categoryexamId, CE.examtype_id as examType, CU.id as categoryuserId, U.name as username
FROM exams E
Inner Join categoryexams CE on E.id = CE.exam_id
Inner Join categoryexamusers CEU on CE.id = CEU.categoryexam_id
Inner Join categoryusers CU on CEU.categoryuser_id = CU.id
Inner Join categories C on CE.category_id = C.id
Inner Join users U on CU.user_id = U.id
Inner Join examtypes ET on CE.examtype_id = ET.id
WHERE CE.category_id = #{category_id} AND CEU.has_attended = 1 AND U.id = #{user} AND CE.currentyear = #{academicYear} AND CE.examtype_id = #{examtype}" + (@temp.blank? ? "" : " AND CEU.categoryexam_id NOT IN (#{@temp})") +
" Group By CE.id;
```
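Please see here - http://archive.railsforum.com/viewtopic.php?id=14742

**Your code is not safe and has several [SQL injections](https://en.wikipedia.org/wiki/SQL_injection)!!** See also the [SQL injection section of the Rails guide](http://guides.rubyonrails.org/security.html#sql-injection)

I find it difficult to convert this query into Rails Active Record query format. Can you help?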
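
As an added example (not part of the original thread), the Ruby below shows where the brackets come from, why `join` alone still leaves the injection the comment warns about, and a WHERE clause built with one `?` placeholder per value. The helper names and sample values are constructed for illustration; the column aliases are the ones in the question.

```ruby
# Added example; helper names are hypothetical, table aliases are the question's.

# Interpolating the array calls Array#to_s, which is where the brackets come from.
def interpolated_clause(ids)
  "CEU.categoryexam_id NOT IN (#{ids})"
end

# join removes the brackets but still pastes values into the SQL text.
def joined_clause(ids)
  "CEU.categoryexam_id NOT IN (#{ids.join(', ')})"
end

# Hardened form: returns [sql, binds]; one "?" per value, values travel separately.
def build_filter(category_id, user_id, academic_year, examtype_id, excluded_ids)
  sql = "CE.category_id = ? AND CEU.has_attended = 1 AND U.id = ? " \
        "AND CE.currentyear = ? AND CE.examtype_id = ?"
  binds = [category_id, user_id, academic_year, examtype_id]

  # The ids are integer keys: Integer() raises ArgumentError on anything else.
  ids = Array(excluded_ids).map { |id| Integer(id) }
  unless ids.empty? # same role as the question's @temp.blank? check
    sql += " AND CEU.categoryexam_id NOT IN (#{Array.new(ids.size, '?').join(', ')})"
    binds.concat(ids)
  end
  [sql, binds]
end

if __FILE__ == $PROGRAM_NAME
  p interpolated_clause([3, 4])
  p joined_clause([3, "4) OR (1=1"]) # constructed value: changes the query's structure
  p build_filter(7, 42, 2014, 1, [3, 4])
  p build_filter(7, 42, 2014, 1, [])
end
```

With Active Record, `where("CEU.categoryexam_id NOT IN (?)", ids)` expands an array bound to a single `?` into a quoted list, so the manual placeholder string is only needed with a raw driver.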