- This query works,
- `Model.where("major #{operator} :major OR (major = :major AND minor #{operator} :minor)", :major => major, :minor => minor)`
- but I am worried about SQL injection passing an escaped string
- so I tried this
- `Model.where("major :operator :major OR (major = :major AND minor :operator :minor)", :major => major, :minor => minor, :operator => :operator)`
- which will throw an error
- `ERROR: syntax error at or near "1"
- LINE 1: ...o_content_view_versions" WHERE (major '=' 1 OR (majo...
- `
- it has an issue with = or > as a string
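Added example, not part of the original paste: a bind placeholder is always quoted as a value, which is why `:operator` arrived in the SQL as `'='`. One way to keep the interpolation while closing the injection path is to look the operator up in a fixed allowlist and bind only the numbers. The names `COMPARISON_OPERATORS` and `version_where_args` and the choice of permitted operators are assumptions made for this sketch.

```ruby
# Caller-supplied token => SQL text written by us. Only the hash VALUE is
# ever interpolated, so caller input never reaches the SQL string.
# The set of permitted operators is an assumption for this example.
COMPARISON_OPERATORS = {
  "=" => "=",
  ">" => ">",
  "<" => "<",
}.freeze

# Returns [sql_fragment, binds], ready for Model.where(*result).
# Raises ArgumentError for any operator outside the allowlist and for
# version parts that are not integers.
def version_where_args(operator, major, minor)
  sql_op = COMPARISON_OPERATORS.fetch(operator.to_s) do
    raise ArgumentError, "unsupported operator: #{operator.inspect}"
  end
  sql = "major #{sql_op} :major OR (major = :major AND minor #{sql_op} :minor)"
  [sql, { major: Integer(major), minor: Integer(minor) }]
end

if __FILE__ == $0
  # Constructed sample inputs: two legitimate calls and two hostile ones.
  samples = [
    [">", 1, 2],
    [:"=", "3", "0"],
    ["= 1 OR 1=1 --", 1, 2],
    [">", "1; DROP TABLE x", 2],
  ]
  samples.each do |op, major, minor|
    begin
      sql, binds = version_where_args(op, major, minor)
      puts "OK       #{sql}  #{binds}"
    rescue ArgumentError => e
      puts "REJECTED #{e.message}"
    end
  end
  # In a Rails app the result would be passed on unchanged:
  #   Model.where(*version_where_args(operator, major, minor))
end
```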