mirror of
https://github.com/jbranchaud/til
synced 2026-01-03 23:28:02 +00:00
39 lines
1.1 KiB
Markdown
39 lines
1.1 KiB
Markdown
# Bind Parameters To ActiveRecord SQL Query
|
|
|
|
Many of the connection query methods that come with `ActiveRecord` accept an
|
|
optional `binds` parameter. This can be used to safely inject parameters into
|
|
the query.
|
|
|
|
Here's a SQL query we could use with one of these methods:
|
|
|
|
```ruby
|
|
sql = <<-SQL
|
|
select
|
|
coalesce(places.latitude, 41.8781) latitude,
|
|
coalesce(places.longitude, -87.6298) longitude
|
|
from places
|
|
join appointments
|
|
on places.id = apointments.places_id
|
|
where appointments.id = $1
|
|
and status = $2
|
|
SQL
|
|
```
|
|
|
|
Notice the `$1` and `$2`, those are what will be bound to the two parameters
|
|
included as `binds`.
|
|
|
|
```ruby
|
|
connection = ActiveRecord::Base.connection
|
|
|
|
binds = [[nil, appt_id], [nil, input_status]]
|
|
coords = connection.select_one(sql, nil, binds)
|
|
|
|
coords
|
|
#=> { "latitude": 41.8781, "longitude": -87.6298 }
|
|
```
|
|
|
|
Notice the `binds` is an array of tuples. It's the second value in each tuple
|
|
that gets bound the corresponding binding indicator in the sql. The syntax is a
|
|
bit awkward since it is a lower-level API, however once you know it, you can
|
|
manage.
|