I want to be able to specify user-specific conditions in a MAX() SQL call in the :select portion of the ActiveRecord query (Rails 2.3.12). Unfortunately the safe string interpolation doesn't seem to work for the :select condition. The code is below. Is there any other way to manually ensure the incoming values are safe? (They should be, as they're just IDs, but you can never be too sure.)
:select => ["`component_instances`.*, max(`users`.id = ? AND `permissions`.view = 1) AS user_view, max(`users`.id = ? AND `permissions`.edit = 1) AS user_edit", user.id]
The query is designed to indicate to me if a particular user has explicit permissions on a particular item in the site. It'll either return 1 (they do), 0 (they don't but others do), or nil (no one has explicit permissions).
Turns out you can manually use the sanitize_sql_array method to do this:
:select => sanitize_sql_array(["`component_instances`.*, max(`users`.id = ? AND `permissions`.view = 1) AS user_view, max(`users`.id = ? AND `permissions`.edit = 1) AS user_edit", user.id, user.id])
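As an added example (not code from the post or from Rails), the Ruby below is a simplified stand-in for the placeholder binding that sanitize_sql_array performs, combined with a strict integer check on the id before it reaches the SQL fragment. The helper names bind_sql, quote_value, strict_id and permission_select are hypothetical, and the quoting covers only integers, strings and nil; it also rejects a template whose placeholder count does not match the number of values supplied.

```ruby
# Simplified stand-in for the binding sanitize_sql_array performs (illustration
# only: the real method defers quoting to the database adapter).
class BindArityError < ArgumentError; end

# Quote one bound value; only integers, strings and nil are supported here.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  when String  then "'" + value.gsub("\\") { "\\\\" }.gsub("'") { "''" } + "'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each ? with a quoted value, refusing a placeholder/value mismatch.
def bind_sql(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise BindArityError, "#{expected} placeholders, #{values.size} values"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# Defense in depth: accept only a positive base-10 integer id.
def strict_id(raw)
  id = Integer(raw.to_s, 10)
  raise ArgumentError, "id must be positive" unless id > 0
  id
end

SELECT_TEMPLATE = "`component_instances`.*, " \
  "max(`users`.id = ? AND `permissions`.view = 1) AS user_view, " \
  "max(`users`.id = ? AND `permissions`.edit = 1) AS user_edit"

# Build the :select fragment for one user id (hypothetical helper).
def permission_select(raw_user_id)
  id = strict_id(raw_user_id)
  bind_sql(SELECT_TEMPLATE, id, id)
end

puts permission_select("7") # "7" is a constructed sample id
```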