diff --git a/README.md b/README.md index ffd67af..f6a745f 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ and pairing with smart people at Hashrocket. For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud). -_943 TILs and counting..._ +_944 TILs and counting..._ --- @@ -562,6 +562,7 @@ _943 TILs and counting..._ - [Attribute Getter without the Recursion](rails/attribute-getter-without-the-recursion.md) - [Attribute Was](rails/attribute-was.md) - [Autosave False On ActiveRecord Associations](rails/autosave-false-on-activerecord-associations.md) +- [Bind Parameters To ActiveRecord SQL Query](rails/bind-parameters-to-activerecord-sql-query.md) - [Build A Hash Of Model Attributes](rails/build-a-hash-of-model-attributes.md) - [Capybara Page Status Code](rails/capybara-page-status-code.md) - [Cast Common Boolean-Like Values To Booleans](rails/cast-common-boolean-like-values-to-booleans.md) diff --git a/rails/bind-parameters-to-activerecord-sql-query.md b/rails/bind-parameters-to-activerecord-sql-query.md new file mode 100644 index 0000000..7e5297b --- /dev/null +++ b/rails/bind-parameters-to-activerecord-sql-query.md 
@@ -0,0 +1,38 @@ +# Bind Parameters To ActiveRecord SQL Query + +Many of the connection query methods that come with `ActiveRecord` accept an +optional `binds` parameter. This can be used to safely inject parameters into +the query. + +Here's a SQL query we could use with one of these methods: + +```ruby +sql = <<-SQL + select + coalesce(places.latitude, 41.8781) latitude, + coalesce(places.longitude, -87.6298) longitude + from places + join appointments + on places.id = apointments.places_id + where appointments.id = $1 + and status = $2 +SQL +``` + +Notice the `$1` and `$2`, those are what will be bound to the two parameters +included as `binds`. + +```ruby +connection = ActiveRecord::Base.connection + +binds = [[nil, appt_id], [nil, input_status]] +coords = connection.select_one(sql, nil, binds) + +coords +#=> { "latitude": 41.8781, "longitude": -87.6298 } +``` + +Notice the `binds` is an array of tuples. It's the second value in each tuple +that gets bound the corresponding binding indicator in the sql. The syntax is a +bit awkward since it is a lower-level API, however once you know it, you can +manage.
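Review bot: the join in the example query references `apointments.places_id` while the table joined is `appointments`; as written, the query fails on the misspelled table alias before the binds are ever used, so the line should read `on places.id = appointments.places_id`. Two smaller points in the same file: `status` in `and status = $2` is unqualified, so it becomes ambiguous as soon as both `places` and `appointments` carry a `status` column (prefer `appointments.status = $2`); and the `[nil, value]` pair form of `binds`, together with the `$1`/`$2` placeholder style, is adapter- and version-specific (the pairs are the older bind format and `$n` is PostgreSQL syntax), so stating the Rails version and database the snippet was run against would save readers a confusing failure. The `#=>` output is shown with `"latitude":` keys, which in Ruby denotes symbol keys, whereas `select_one` returns a hash with string keys, so `{"latitude"=>41.8781, "longitude"=>-87.6298}` would match what the console actually prints. Lastly, "gets bound the corresponding binding indicator" is missing "to".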