【Question title】: how to sanitize sql parameters passed to st_centroid
【Posted】: 2021-09-29 12:17:09
【Question】:

I am trying to sanitize the parameters passed to ST_Centroid, but I get a syntax error.

st_centroid

"SELECT ST_AsText(ST_Centroid(MULTIPOINT ( 0 0, 0 0, 0 0, 0 0 ))) as centroid"
    
sql = ActiveRecord::Base::sanitize_sql_array(['SELECT ST_AsText(ST_Centroid(MULTIPOINT ( ? ?, ? ?, ? ?, ? ? ))) as centroid', min_longitude, min_latitude, min_longitude, max_latitude, max_longitude, min_latitude, max_longitude, max_latitude])

ActiveRecord::Base.connection.execute(sql)&.to_a&.first["centroid"] || ""

Syntax error

from /home/aniket/.rvm/gems/ruby-2.6.5@project/gems/activerecord-6.0.3.7/lib/active_record/connection_adapters/postgresql/database_statements.rb:92:in `exec'
Caused by PG::SyntaxError: ERROR:  syntax error at or near "0"
LINE 1: SELECT ST_AsText(ST_Centroid(MULTIPOINT ( 0 0, 0 0, 0 0, 0 0..

If I don't sanitize it, it works fine

sql = "SELECT ST_AsText(ST_Centroid('MULTIPOINT ( #{min_longitude} #{min_latitude}, #{min_longitude} #{max_latitude}, #{max_longitude} #{min_latitude}, #{max_longitude} #{max_latitude} )')) as centroid";

ActiveRecord::Base.connection.execute(sql)&.to_a&.first["centroid"]
   (0.7ms)  SELECT ST_AsText(ST_Centroid('MULTIPOINT ( 0 0, 0 0, 0 0, 0 0 )')) as centroid
=> "POINT(0 0)"

【Comments】:

  • The query should be sanitize_sql_array(["SELECT ST_AsText(ST_Centroid('MULTIPOINT(...)'))",..]), right? Note the '
  • Lam Phan I didn't understand you. Could you elaborate?

Tags: ruby-on-rails ruby ruby-on-rails-6 sanitization


【Answer 1】:

According to the documentation, MULTIPOINT should be quoted with '. I see you missed this in your sanitize_sql_array call, so try this

sql = ActiveRecord::Base::sanitize_sql_array([
 "SELECT ST_AsText(ST_Centroid('MULTIPOINT ( ? ?, ? ?, ? ?, ? ? )')) as centroid", 
 min_longitude, min_latitude, min_longitude, 
 max_latitude, max_longitude, min_latitude, 
 max_longitude, max_latitude
])

【Discussion】:
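As an added example (not code from the question or the answer), a plain-Ruby helper that validates the four bounding-box coordinates before they are placed inside the quoted WKT literal; the function names are assumptions. Whether the values are interpolated as in the question or bound with sanitize_sql_array as in the answer, they end up inside a single-quoted string, so the protection comes from admitting only finite numbers in range: sanitize_sql_array substitutes Ruby numerics bare but wraps strings in their own quotes, which would nest inside the literal and break it.

```ruby
# Hypothetical helpers for building the ST_Centroid query from a bounding box.
# Every coordinate is strictly parsed with Float() and range-checked, so the
# text interpolated into the WKT literal can only be digits, signs, dots and
# exponents (all valid WKT number forms), never quotes or SQL syntax.

def coordinate(value, min, max)
  f = Float(value)  # ArgumentError on "12.5 abc", TypeError on nil
  unless f.finite? && f.between?(min, max)
    raise ArgumentError, "coordinate #{f} outside #{min}..#{max}"
  end
  f
end

def longitude(value)
  coordinate(value, -180.0, 180.0)
end

def latitude(value)
  coordinate(value, -90.0, 90.0)
end

# The four corners of the box as a MULTIPOINT, in the same corner order the
# question uses: (min,min), (min,max), (max,min), (max,max).
def bounding_box_multipoint(min_lon, min_lat, max_lon, max_lat)
  lons = [longitude(min_lon), longitude(max_lon)]
  lats = [latitude(min_lat), latitude(max_lat)]
  corners = [[lons[0], lats[0]], [lons[0], lats[1]],
             [lons[1], lats[0]], [lons[1], lats[1]]]
  "MULTIPOINT (#{corners.map { |x, y| "#{x} #{y}" }.join(', ')})"
end

# Single-quoted WKT literal, as the answer points out PostGIS requires.
# Only validated floats reach this string, so no quoting of user input occurs.
def centroid_sql(min_lon, min_lat, max_lon, max_lat)
  wkt = bounding_box_multipoint(min_lon, min_lat, max_lon, max_lat)
  "SELECT ST_AsText(ST_Centroid('#{wkt}')) AS centroid"
end

if __FILE__ == $PROGRAM_NAME
  puts centroid_sql("-74.1", "40.5", "-73.9", "40.9")  # constructed input
  begin
    centroid_sql("12.5 abc", 0, 0, 0)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Hand the resulting string to ActiveRecord::Base.connection.execute as in the question; the coordinates are Floats, so the same validated values could equally be bound with the answer's sanitize_sql_array form.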
