In my application, I have a users table with the following column:
t.integer "administrations", array: true
My code looks like this:
User.where("administrations::int[] = ARRAY[#{administration_ids.join(',') }]::int[]")
but it is vulnerable to SQL injection. I tried rewriting it like this:
User.where("administrations::int[] = ?", "ARRAY[#{administration_ids.join(',') }]::int[]")
But this doesn't work…
It returns:
PG::InvalidTextRepresentation: ERROR: array value must start with "{" or dimension information
Would
User.where("administrations::int[] = ARRAY[?]::int[]", administration_ids.join(','))
work?
You can also do this:
User.where(administrations: '{15,26,62,89,121}')
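
An added example, not code from the posts above: one way to build the `{...}` array literal from untrusted ids and pass it as a single bound value, so the SQL text stays fixed. The helper names (`coerce_int4`, `pg_int_array_literal`, `administrations_eq_args`) are hypothetical, and the sample inputs in the comments are constructed.

```ruby
# Added example (helper names are hypothetical, not part of Rails or the posts).
# Valid range of a PostgreSQL 32-bit integer element.
INT4_RANGE = (-2**31..2**31 - 1).freeze

# Strictly coerce one element to a 32-bit integer, or raise ArgumentError.
def coerce_int4(value)
  n = case value
      when Integer then value
      when String  then Integer(value, 10) # raises on input such as "62 OR 1=1"
      else raise ArgumentError, "not an integer: #{value.inspect}"
      end
  raise ArgumentError, "out of int4 range: #{n}" unless INT4_RANGE.cover?(n)
  n
end

# Build the text form PostgreSQL expects for an array value, e.g. "{15,26,62}".
# Only re-serialized integers reach the string, never the caller's raw text.
def pg_int_array_literal(ids)
  "{#{Array(ids).map { |v| coerce_int4(v) }.join(',')}}"
end

# Arguments for User.where: constant SQL text plus one bound value.
def administrations_eq_args(ids)
  ["administrations::int[] = ?::int[]", pg_int_array_literal(ids)]
end

# Usage inside the Rails app (User and administration_ids as in the question):
#   User.where(*administrations_eq_args(administration_ids))
```

Because the value arrives as one quoted parameter cast with `?::int[]`, PostgreSQL sees a string that starts with `{`, which is what the error message in the question asks for.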