On Fri, Nov 19, 2021 at 1:28 AM Billy Zheng <vil...@gmail.com> wrote:
> e.g. when use ActiveRecord, i can do where like this. > > Event.where("payload->>'kind' = ?", "user_renamed") > > For Sequel, i guess we have to do like this, right? > > Event.where(Sequel.lit("payload->>'kind' = ?", "user_renamed")) > > Why we need stick on add a Sequel.lit in this case when first arguments of > where is just a string? > This is to prevent SQL injection, since without it, it's too easy to introduce vulnerabilities. If you really want it to work the same way, you can use the auto_literal_strings extension: http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/auto_literal_strings_rb.html Sequel supports the SQL you want to generate using the pg_json_ops extension: Event.where(Sequel.pg_jsonb(:payload).get_text('kind')=>'user_renamed') Note that if you are using jsonb types, depending on the indexes in use, you may get better performance using a contains query: Event.where(Sequel.pg_jsonb(:payload).contains('kind'=>'user_renamed')) Thanks, Jeremy -- You received this message because you are subscribed to the Google Groups "sequel-talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to sequel-talk+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sequel-talk/CADGZSSd%3D_uJPTzhYsn%2BML5yrmo%3DUbsZHREX%3D-onEeXYX2JJnyw%40mail.gmail.com.