Merge pull request #42963 from jordannb/fix-unknown-attr-ref-err-doc

API Docs: Use Arel.sql examples that require Arel.sql
This commit is contained in:
Ryuta Kamizono 2021-08-07 13:42:45 +09:00 committed by GitHub
commit 9576a4c77f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions

View File

@ -470,12 +470,12 @@ module ActiveRecord
# #
# For example, the following code would raise this exception: # For example, the following code would raise this exception:
# #
# Post.order("length(title)").first # Post.order("REPLACE(title, 'misc', 'zzzz') asc").pluck(:id)
# #
# The desired result can be accomplished by wrapping the known-safe string # The desired result can be accomplished by wrapping the known-safe string
# in Arel.sql: # in Arel.sql:
# #
# Post.order(Arel.sql("length(title)")).first # Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)
# #
# Again, such a workaround should *not* be used when passing user-provided # Again, such a workaround should *not* be used when passing user-provided
# values, such as request parameters or model attributes to query methods. # values, such as request parameters or model attributes to query methods.

View File

@ -29,7 +29,7 @@ module Arel
# Wrap a known-safe SQL string for passing to query methods, e.g. # Wrap a known-safe SQL string for passing to query methods, e.g.
# #
# Post.order(Arel.sql("length(title)")).last # Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)
# #
# Great caution should be taken to avoid SQL injection vulnerabilities. # Great caution should be taken to avoid SQL injection vulnerabilities.
# This method should not be used with unsafe values such as request # This method should not be used with unsafe values such as request