Tuesday, July 5, 2016

Rails: safe where query against stored array

I am having a problem performing a where query against an array field in my Postgres database.
In my Rails app I have a table called People. One column in this is called pets. Now this column contains array values, i.e.:

["dog", "cat", "fish"]

I would like to perform a query that returns all the people that have a pet dog for example.

The solution I've been using so far looks as such:

People.where("\"pets\" @> '{\"" + checkedPet + "\"}'")

where checkedPet is a variable and could be "dog" or any other animal.

This works but I feel is vulnerable to a SQL injection problem?
Is this the case? If so what is a better and safer solution to avoid it?
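
The concern raised in the question, as an added example that is not part of the original post: plain Ruby that builds the same concatenated condition next to a parameterized one and checks whether the input can change the statement's structure. It assumes pets is a varchar[] column; quote_literal, skeleton and structure_changed? are hypothetical helpers, and quote_literal only stands in for the quoting the database adapter applies to a ? bind.

```ruby
# Added example: plain Ruby, no Rails or database required.

# Builds the same condition string as the where() call in the question.
def unsafe_condition(checked_pet)
  "\"pets\" @> '{\"" + checked_pet + "\"}'"
end

# Stand-in (assumption) for the adapter's literal quoting: wrap the value in
# single quotes and double any embedded single quote.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Parameterized form: the SQL text is fixed and the value only fills the ? slot.
# In Rails this would be: People.where(SAFE_TEMPLATE, checked_pet)
SAFE_TEMPLATE = '"pets" @> ARRAY[?]::varchar[]'

def safe_condition(checked_pet)
  SAFE_TEMPLATE.sub("?") { quote_literal(checked_pet) }
end

# Replaces every single-quoted SQL literal ('' is an escaped quote) with a
# placeholder, leaving only the text Postgres parses as SQL syntax.
def skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?")
end

# True when the candidate input changed the statement's structure, not just
# the data inside a literal.
def structure_changed?(builder, benign, candidate)
  skeleton(builder.call(benign)) != skeleton(builder.call(candidate))
end

# Constructed sample value: an ordinary name that contains a single quote.
SAMPLE_PET = "O'Malley"

if __FILE__ == $PROGRAM_NAME
  puts unsafe_condition(SAMPLE_PET)  # the quote ends the literal early
  puts safe_condition(SAMPLE_PET)    # the quote stays inside the literal
  puts structure_changed?(method(:unsafe_condition), "dog", SAMPLE_PET)
  puts structure_changed?(method(:safe_condition), "dog", SAMPLE_PET)
end
```
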
