I'm looking for feedback on PR #13008: Support SQL sanitization in AR::QueryMethods#order <https://github.com/rails/rails/pull/13008>.
Currently, you can't do SQL sanitized interpolation like `['?', param]` with AREL `order` clauses. This sanitization would be useful for complex order clauses, e.g. like MySQL `ORDER BY FIELD(field, values...)`:

    Post.order("field(id, ?)", [2,3,1])

...or geolocation sorting in PostgreSQL:

    Location.order('st_distance(latlon, ?) < ?', location, distance)

Without this patch, developers must remember to sanitize their inputs with more verbose, less commonly used methods.
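The following is an added example, not part of the original post and not code from Rails or the PR. It is a simplified stand-in for the `?` substitution the post asks `order` to support, contrasted with plain string interpolation. The names `bind_order`, `quote_value` and `BindCountMismatch` are hypothetical, and the quoting assumes a database where a doubled single quote is the only escape needed inside a string literal.

```ruby
# Added illustration: simplified "?" binding for an ORDER BY fragment.
# Real adapters quote per database; this sketch only doubles single quotes.

class BindCountMismatch < ArgumentError; end

# Quote one Ruby value as a SQL literal.
def quote_value(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  when Array
    # Arrays expand to a comma-separated list, which FIELD(id, ?) relies on.
    value.empty? ? "NULL" : value.map { |v| quote_value(v) }.join(",")
  else
    "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" in the fragment with the quoted form of the matching value.
# A count mismatch is an error, never silently padded or truncated.
def bind_order(fragment, *values)
  expected = fragment.count("?")
  unless expected == values.size
    raise BindCountMismatch, "expected #{expected} values, got #{values.size}"
  end
  remaining = values.dup
  fragment.gsub("?") { quote_value(remaining.shift) }
end

# Constructed inputs for the demonstration.
ids       = [2, 3, 1]
untrusted = "name' DESC --" # request parameter containing a quote

# Interpolation lets the quote in the value close the literal early.
naive = "field(name, '#{untrusted}')"

# Binding keeps the whole value inside one escaped literal.
bound = bind_order("field(name, ?)", untrusted)

puts bind_order("field(id, ?)", ids)
puts naive
puts bound
```
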