On Fri, Nov 19, 2021 at 1:28 AM Billy Zheng <[email protected]> wrote:
> e.g. when use ActiveRecord, i can do where like this.
>
> Event.where("payload->>'kind' = ?", "user_renamed")
>
> For Sequel, i guess we have to do like this, right?
>
> Event.where(Sequel.lit("payload->>'kind' = ?", "user_renamed"))
>
> Why we need stick on add a Sequel.lit in this case when first arguments of
> where is just a string?
>
This is to prevent SQL injection, since without it, it's too easy to
introduce vulnerabilities. If you really want it to work the same way, you
can use the auto_literal_strings extension:
http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/auto_literal_strings_rb.html
Sequel supports the SQL you want to generate using the pg_json_ops
extension:
Event.where(Sequel.pg_jsonb(:payload).get_text('kind')=>'user_renamed')
Note that if you are using jsonb types, depending on the indexes in use,
you may get better performance using a contains query:
Event.where(Sequel.pg_jsonb(:payload).contains('kind'=>'user_renamed'))
Thanks,
Jeremy
--
You received this message because you are subscribed to the Google Groups
"sequel-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/sequel-talk/CADGZSSd%3D_uJPTzhYsn%2BML5yrmo%3DUbsZHREX%3D-onEeXYX2JJnyw%40mail.gmail.com.
