I am having a problem performing a where query against an array field in my Postgres database.
In my rails app i have a table called People
. One column in this is called pets
. Now this column contains array values, ie:
["dog", "cat", "fish"]
I would like to perform a query that returns all the people that have a pet dog for example.
The solution ive been using so far looks as such
People.where(""pets" @> '{"" + checkedPet + ""}'")
where checkedPet
is a variable and could be "dog" or any other animal.
This works but i feel is vulnerable to a SQL injection problem?
Is this the case? If so what is a better and safer solution to avoid it?
Aucun commentaire:
Enregistrer un commentaire