Searching through array integer column with rails -
in app have table users have following column:
t.integer "administrations", array: true and have code looks this:
user.where("administrations::int[] = array[#{administration_ids.join(',') }]::int[]") but vulnerable sql injection. trying rewrite that:
user.where("administrations::int[] = ?", "array[#{administration_ids.join(',') }]::int[]") but not works...
it returns:
pg::invalidtextrepresentation: error: array value must start "{" or dimension information
would
user.where("administrations::int[] = array[?]::int[]", administration_ids.join(',')) work?
Comments
Post a Comment