Add Bind Parameters To ActiveRecord SQL Query as a rails til

2026-01-03 07:08:01 +00:00 · 2020-08-07 14:05:12 -05:00
parent 4ad2ce84d3
commit 7c882cbeba
2 changed files with 40 additions and 1 deletions
--- a/rails/bind-parameters-to-activerecord-sql-query.md
+++ b/rails/bind-parameters-to-activerecord-sql-query.md
@@ -0,0 +1,38 @@
+# Bind Parameters To ActiveRecord SQL Query
+
+Many of the connection query methods that come with `ActiveRecord` accept an
+optional `binds` parameter. This can be used to safely inject parameters into
+the query.
+
+Here's a SQL query we could use with one of these methods:
+
+```ruby
+sql = <<-SQL
+  select
+    coalesce(places.latitude, 41.8781) latitude,
+    coalesce(places.longitude, -87.6298) longitude
+  from places
+  join appointments
+    on places.id = apointments.places_id
+  where appointments.id = $1
+    and status = $2
+SQL
+```
+
+Notice the `$1` and `$2`, those are what will be bound to the two parameters
+included as `binds`.
+
+```ruby
+connection = ActiveRecord::Base.connection
+
+binds = [[nil, appt_id], [nil, input_status]]
+coords = connection.select_one(sql, nil, binds)
+
+coords
+#=> { "latitude": 41.8781, "longitude": -87.6298 }
+```
+
+Notice the `binds` is an array of tuples. It's the second value in each tuple
+that gets bound the corresponding binding indicator in the sql. The syntax is a
+bit awkward since it is a lower-level API, however once you know it, you can
+manage.