Bind Parameters To ActiveRecord SQL Query
Many of the connection query methods that come with ActiveRecord
accept an optional binds
parameter. This can be used to safely inject parameters into the query.
Here's a SQL query we could use with one of these methods:
sql = <<-SQL
select
coalesce(places.latitude, 41.8781) latitude,
coalesce(places.longitude, -87.6298) longitude
from places
join appointments
on places.id = apointments.places_id
where appointments.id = $1
and status = $2
SQL
Notice the $1
and $2
, those are what will be bound to the two parameters included as binds
.
connection = ActiveRecord::Base.connection
binds = [[nil, appt_id], [nil, input_status]]
coords = connection.select_one(sql, nil, binds)
coords
#=> { "latitude": 41.8781, "longitude": -87.6298 }
Notice the binds
is an array of tuples. It's the second value in each tuple that gets bound the corresponding binding indicator in the sql. The syntax is a bit awkward since it is a lower-level API, however once you know it, you can manage.
Last updated
Was this helpful?