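2. Query conditions
Passing condition values through the ? placeholder, rather than building them into the string, avoids SQL injection.
The code is as follows:
Client.first(:conditions => ["orders_count = ?", params[:orders]])
Symbol placeholder conditions
The code is as follows: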
Client.all(:conditions => ["created_at >= :start_date AND created_at <= :end_date", {:start_date => params[:start_date], :end_date => params[:end_date] }])
Range conditions using IN (a set)
The code is as follows:
Client.all(:conditions => ["created_at IN (?)", (params[:start_date].to_date)..(params[:end_date].to_date)])
Generated SQL:
SELECT * FROM users WHERE (created_at IN ('2007-12-31','2008-01-01','2008-01-02','2008-01-03','2008-01-04','2008-01-05', '2008-01-06','2008-01-07','2008-01-08'))
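To generate date-times instead, append .to_time
The code is as follows: params[:start_date].to_date.to_time, which produces values in the format 2007-12-01 00:00:00
Some databases raise an error on the conditions above; MySQL, for example, reports that the query statement is too long. In that case, switch to the form created_at > ? AND created_at < ?
Hash conditions
The code is as follows: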
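An added example, not part of the original page and not ActiveRecord's own code: a simplified Ruby model of what ? and :name binding does to each value, next to the string-interpolation form it replaces. The helper names quote_value, bind_conditions and interpolated_conditions are hypothetical, and the input is constructed.

```ruby
require 'date'

# Simplified model of "?" / ":name" binding, not ActiveRecord's real code.
# Real adapters use the database driver's own quoting rules.
def quote_value(value)
  case value
  when nil            then 'NULL'
  when true           then '1'
  when false          then '0'
  when Integer, Float then value.to_s
  when Date           then "'#{value.strftime('%Y-%m-%d')}'"
  when Range, Array   # expands to a comma list, as in the IN (?) example
    list = value.map { |v| quote_value(v) }
    list.empty? ? 'NULL' : list.join(',')
  else "'#{value.to_s.gsub("'", "''")}'" # double embedded single quotes
  end
end

def bind_conditions(template, *values)
  if values.size == 1 && values.first.is_a?(Hash)
    named = values.first
    return template.gsub(/:([a-zA-Z]\w*)/) { quote_value(named.fetch($1.to_sym)) }
  end
  expected = template.count('?')
  unless expected == values.size
    raise ArgumentError, "#{values.size} bind values for #{expected} placeholders"
  end
  remaining = values.dup
  template.gsub('?') { quote_value(remaining.shift) }
end

# Vulnerable counterpart: the request value is spliced in as SQL syntax.
def interpolated_conditions(orders)
  "orders_count = #{orders}"
end

if __FILE__ == $0
  hostile = '0 OR 1=1' # constructed sample input standing in for params[:orders]
  puts interpolated_conditions(hostile)              # condition is now always true
  puts bind_conditions('orders_count = ?', hostile)  # stays a single string literal
  puts bind_conditions('created_at IN (?)', Date.new(2007, 12, 31)..Date.new(2008, 1, 2))
end
```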
Client.all(:conditions => {:locked => true })
With a range condition
The code is as follows:
Client.all(:conditions => {:created_at => (Time.now.midnight - 1.day)..Time.now.midnight})
Generated SQL:
SELECT * FROM clients WHERE (clients.created_at BETWEEN '2008-12-21 00:00:00' AND '2008-12-22 00:00:00')
Set (subset) conditions
The code is as follows:
Client.all(:conditions => {:orders_count => [1,3,5]})
Generated SQL:
SELECT * FROM clients WHERE (clients.orders_count IN (1,3,5))