1. 首頁
  2. 問答
  3. 軌道4:Mysql2 ::錯誤:您在您的SQL語法錯誤

軌道4:Mysql2 ::錯誤:您在您的SQL語法錯誤

2014-09-20 68 views
0

我有一個軌道下面的代碼4的應用軌道4:Mysql2 ::錯誤:您在您的SQL語法錯誤

query= OrderHeader.select("orders_header.id, 
    orders_header.created_at").where("shop_id=#{shop_id} and 
    customer_id=#{customer_id} and hash_key like 
    '#{current_hash_key}'").order("id desc") 
     if query.nil? 
     return true # no duplicates found 
     end 
     if (query.count>0) # duplicates found 
     #nothing 
     end

,我得到的錯誤

ERROR

SELECT COUNT(orders_header.id, orders_header.created_at) FROM orders_header WHERE (shop_id=99 and customer_id=1 and hash_key like '539de64e8793790430052bc861dd0ff521334e32')

Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' orders_header.created_at) FROM orders_header WHERE (shop_id=99 and customer_' at line 1: SELECT COUNT(orders_header.id, orders_header.created_at) FROM orders_header WHERE (shop_id=99 and customer_id=1 and hash_key like '539de64e8793790430052bc861dd0ff521334e32')

來源

2014-09-20 Mike Adams

+0

,當我瀏覽到軌管理,並嘗試我有這樣的錯誤編輯我的一個users.do你有什麼想法? – 2017-09-05 10:33:19

回答

0

提到你需要等使用複數形式的表名裏面的字符串,orders_headers.idorders_header.id,並且,也避免SQL注入,你應該使用傳遞給串PARAMS不要把你的PARAMS裏面的字符串,如:

where("shop_id=?", shop_id)

所以清理你的整個where語句也可能是這樣的

where(shop_id: shop_id, customer_id: customer_id).where("hash_key like '?'",current_hash_key)

來源

2014-09-20 05:45:33

相關問題

 相關問題