SQL Like operator in ruby on rails


I got a task to select (search) the students whose name starts with the param value and whose city is in the selected value. How can I set this up in Ruby on Rails? I did it like this, but it is not working. Controller:

  def list
    studentcount = Student.count()
    puts studentcount
    @studentname = Student.where("name name1 AND city = :cityId1",
                                 {:name1 => params[:name], :cityId1 => params[:cityId]})

    puts 'studentname'
    puts @studentname.inspect
    @students = Student.limit(params[:jtPageSize]).offset(params[:jtStartIndex]).order(params[:jtSorting])

    @jtable = {'Result' => 'OK', 'Records' => @students.map(&:attributes), :TotalRecordCount => studentcount}

    respond_to do |format|
      format.html # index.html.erb
      format.json { render :json => @jtable }
    end
  end

Try:

@studentname = Student.where("name LIKE :name1 AND city = :cityId1",
  {:name1 => "#{params[:name]}%", :cityId1 => params[:cityId]})

This is a rather dirty solution, but pure ARel cannot handle this case the way you desire. You might want to try the Squeel gem.


Try

@studentname = Student.where("name LIKE ? AND city = ?", "#{params[:name]}%", params[:cityId])
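Added example, not part of the answers above: the placeholder binding in the answers stops classic SQL injection, but `%` and `_` inside params[:name] are still interpreted as LIKE wildcards, so a user sending "%" matches every row. Rails offers ActiveRecord::Base.sanitize_sql_like for escaping the prefix; the helper below reimplements that escaping in plain Ruby, together with a small LIKE interpreter and constructed sample names, so it runs without a database.

```ruby
# Escape the LIKE metacharacters (% and _) and the escape character itself
# so user input is matched literally rather than as a wildcard.
# (Same idea as Rails' sanitize_sql_like; reimplemented here to run offline.)
def escape_like(term, escape_char = "\\")
  term.gsub(/[\\%_]/) { |c| escape_char + c }
end

# "Starts with" pattern as in the answer above, with the prefix escaped first.
def starts_with_pattern(prefix)
  "#{escape_like(prefix)}%"
end

# Minimal interpreter for SQL LIKE with backslash as the ESCAPE character,
# used only to show what each pattern would match; a real app lets the
# database evaluate LIKE.
def like_match?(value, pattern)
  regex = +""
  chars = pattern.chars
  until chars.empty?
    c = chars.shift
    case c
    when "\\" then regex << Regexp.escape(chars.shift.to_s) # escaped literal
    when "%"  then regex << ".*"                            # any run of chars
    when "_"  then regex << "."                             # exactly one char
    else           regex << Regexp.escape(c)
    end
  end
  value.match?(/\A#{regex}\z/m)
end

# The where-fragment used by the answers, bind values kept separate from the
# SQL text; this array is what you would splat into Student.where(...).
def student_query(name_prefix, city_id)
  ["name LIKE ? AND city = ?", starts_with_pattern(name_prefix), city_id]
end

# Constructed sample rows standing in for the students table.
NAMES = ["Alice", "Al_bert", "%percent", "Bob"]

# Compare the raw "#{params[:name]}%" pattern against the escaped one.
def matching_names(name_prefix, escape: true)
  pattern = escape ? starts_with_pattern(name_prefix) : "#{name_prefix}%"
  NAMES.select { |n| like_match?(n, pattern) }
end
```

With a plain prefix both forms behave the same; with wildcard characters in the input only the escaped form restricts the match to names that literally begin with the value.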


There is an error in your method; it should be like this:

  @studentname = Student.where("name = :name1 AND city = :cityId1",
                               {:name1 => params[:name], :cityId1 => params[:cityId]})


Comments
  • Can you help me write an if statement for cityid == 0?
  • This will make sure the name ends with the value, not begins with it.