Add SQL query support in Ruby #9

Open
wants to merge 5 commits into
base: master

@montulli montulli commented Aug 8, 2019

new 'sql_query' function that will return a raw SQL query.

  • Uses Rails 'sanitize_sql_for_conditions' to prevent SQL injection.
  • Adds an 'id_whitelist' to limit searches to just the id fields that are approved. This is similar to hard params
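
The two measures in the description above, sketched as an added example that is not code from this pull request: values travel only as bind parameters in the `[sql, *binds]` array form that Rails' `sanitize_sql_for_conditions` accepts, and because placeholders cover values but not column names, the column name is checked against an allowlist before it reaches the SQL text. The condition format, `ID_ALLOWLIST`, `OPERATORS`, `build_condition` and `build_where` are hypothetical names, and the sample input is constructed.

```ruby
# Added example: hypothetical names throughout, not the gem's API.
ID_ALLOWLIST = %w[user_id account_id].freeze # approved id columns (assumed)
OPERATORS = { "==" => "=", "!=" => "<>", "<" => "<", ">" => ">",
              "<=" => "<=", ">=" => ">=" }.freeze

class RejectedCondition < ArgumentError; end

# Only plain scalars may become bind values.
def check_value(value)
  return if value.is_a?(Integer) || value.is_a?(String)
  raise RejectedCondition, "unsupported value type: #{value.class}"
end

# {"field"=>..., "op"=>..., "value"=>...} -> ["col = ?", value]
def build_condition(cond)
  field, op, value = cond.values_at("field", "op", "value")
  # Identifiers cannot be bound, so only exact allowlist matches are interpolated.
  unless ID_ALLOWLIST.include?(field)
    raise RejectedCondition, "field not allowed: #{field.inspect}"
  end
  if op == "in"
    list = Array(value)
    raise RejectedCondition, "empty list" if list.empty?
    list.each { |v| check_value(v) }
    ["#{field} IN (#{(['?'] * list.size).join(', ')})", *list]
  else
    # The operator comes from a fixed map, never from the input text itself.
    sql_op = OPERATORS.fetch(op) do
      raise RejectedCondition, "operator not allowed: #{op.inspect}"
    end
    check_value(value)
    ["#{field} #{sql_op} ?", value]
  end
end

# Joins conditions with AND into one [sql, *binds] array.
def build_where(conds)
  parts = conds.map { |c| build_condition(c) }
  [parts.map(&:first).join(" AND "), *parts.flat_map { |p| p.drop(1) }]
end

# Constructed sample input: a hostile value and a list lookup.
SAMPLE = [
  { "field" => "user_id", "op" => "==", "value" => "1' OR '1'='1" },
  { "field" => "account_id", "op" => "in", "value" => [3, 5] }
].freeze

p build_where(SAMPLE) if __FILE__ == $0
```

The hostile value stays in the bind list and never enters the SQL string, while a hostile column name or operator is rejected before any SQL is built.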

@sergey-koba-mobidev

Looks promising, @SixiS what do you think?

@SixiS
Owner

SixiS commented Jun 4, 2020

Thanks for all the work @montulli - really great idea.
Nice to see people still using this gem!

@sergey-koba-mobidev - I don't really like appending the sql-specific code to all the operator classes.
I have an idea to make the gem more extendible by making it so it can have different sets of evaluators / operators.

It's a bit of work tho, will see if I can get to it in the next few weeks.

@montulli
Author

Howdy! Any more thoughts or progress on this functionality?

@SixiS
Owner

SixiS commented Sep 11, 2021

@montulli - woah, thanks so much for pinging on it after so long!
Working on it now - will have a branch for the new stuff in the next week (for real).

3 participants