I am trying to get rows from MySQL in Rails with the following query. I am trying it first in the console, but it is not working; please help me.
name="vikash" List=User.find_by_sql["SELECT * from users where name like ?",%#{name}%]
4 solutions
#1
-1
Try this query
User.find_by_sql("SELECT * from users where name like '%#{name}%'")
#2
1
A small mistake in your query: a space after find_by_sql, and the name interpolation should be done with double quotes.
name = "vikash"
list = User.find_by_sql ["SELECT * from users where name like ?", "%#{name}%"]
Check the links below for details:
http://www.w3schools.com/sql/trysql.asp?filename=trysql_select_like
http://apidock.com/rails/ActiveRecord/Querying/find_by_sql
Hope this will help you...
Do not put the variable directly into the conditions string: that will pass the variable to the database as-is. This means it will be an unescaped variable coming directly from a user who may have malicious intent.
You can check in the console by setting name = "vikash'" and running the query shown by @sanju:
User.find_by_sql("SELECT * from users where name like '%#{name}%'")
and see the difference in how malicious characters are escaped by querying with
list = User.find_by_sql ["SELECT * from users where name like ?", "%#{name}%"]
For further information visit:
http://guides.rubyonrails.org/active_record_querying.html
https://railsguide.wordpress.com/2016/03/02/sanitizing-user-input-while-quering/
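Added example, not from the original question or any of the answers: it puts the two find_by_sql forms side by side for a hostile value, without needing Rails or a MySQL server. The quote() and bound_sql() helpers are an emulation of what the array form ("SELECT ... like ?", value) does through ActiveRecord's MySQL adapter, and sanitize_like() mirrors ActiveRecord::Base.sanitize_sql_like; the MALICIOUS value and the exact escaping rules are assumptions made for illustration.

```ruby
# Added example, not from the original post or any answer. It runs without
# Rails or MySQL: quote() and bound_sql() emulate what ActiveRecord's MySQL
# adapter does for the array form of find_by_sql, so the SQL each form
# produces for a hostile value can be inspected side by side.

# Emulates ActiveRecord's MySQL string quoting (assumption: close enough to
# the adapter to illustrate): backslash-escape the characters MySQL treats
# specially inside a single-quoted literal, then wrap it in single quotes.
def quote(value)
  escaped = value.to_s.gsub(/[\\'"\x00\n\r\x1a]/) do |c|
    case c
    when "\x00" then "\\0"
    when "\n"   then "\\n"
    when "\r"   then "\\r"
    when "\x1a" then "\\Z"
    else "\\#{c}"
    end
  end
  "'#{escaped}'"
end

# The string form used in answers #1 and #4: the value is spliced into the
# SQL text verbatim, so a quote in the input ends the literal early and the
# rest of the input is parsed as SQL.
def interpolated_sql(name)
  "SELECT * from users where name like '%#{name}%'"
end

# The array form used in answers #2 and #3: each ? is replaced by a quoted
# value, so the input can never break out of its string literal.
def bound_sql(template, *values)
  pending = values.dup
  template.gsub("?") { quote(pending.shift) }
end

# Counterpart of ActiveRecord::Base.sanitize_sql_like: binding stops SQL
# injection but does not neutralise LIKE's own metacharacters, so a user who
# sends "%" or "_" can still widen the match to the whole table. Escape them
# before wrapping the value in wildcards.
def sanitize_like(str, esc = "\\")
  str.gsub(Regexp.union(esc, "%", "_")) { |m| esc + m }
end

# Constructed hostile input (assumption, for illustration): closes the
# literal, adds an always-true predicate, and comments out the trailing %'.
MALICIOUS = "vikash%' OR 1=1 -- "

if __FILE__ == $PROGRAM_NAME
  puts interpolated_sql(MALICIOUS)
  puts bound_sql("SELECT * from users where name like ?", "%#{MALICIOUS}%")
  puts bound_sql("SELECT * from users where name like ?", "%#{sanitize_like('100%')}%")
end
```

Running it prints the interpolated statement with its WHERE clause reduced to `... OR 1=1 -- %'`, while the bound statement keeps the whole input inside one quoted literal (`'%vikash%\' OR 1=1 -- %'`). The third line shows the remaining caveat: even with binding, a bare "%" in the name is a wildcard, so escape LIKE metacharacters (in Rails, sanitize_sql_like) before adding your own % around the value.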
#3
0
Try updating your find_by_sql to the following:
User.find_by_sql(["SELECT * from users where name like ?", "%#{name}%"])
#4
0
Use this code:
list = User.find_by_sql("SELECT * from users where name like '%#{name}%'")