Postgres Double Quotes No Escape

Time: 2013-03-29 08:20:47

Tags: ruby-on-rails string postgresql full-text-search

I have this model

class Post < ActiveRecord::Base
  attr_accessible :content, :title, :user_id

  belongs_to :user

  def self.text_search(query)
    if query.present?
      rank = <<-RANK
        ts_rank(to_tsvector(title), plainto_tsquery(#{sanitize(query)})) +
        ts_rank(to_tsvector(content), plainto_tsquery(#{sanitize(query)}))
      RANK
      where("to_tsvector('english', title) @@ :q or
        to_tsvector('english', content) @@ :q", q: sanitize(query)).order("#{rank} desc")
    else
      scoped
    end 
  end 

end

I have this method call

Post.text_search("Where is the safest place")

Question: why does the query not escape the double quotes when it is called in SQL? As shown below:

  Post Load (2.4ms)  SELECT "posts".* FROM "posts" WHERE (to_tsvector('english', title) @@ '''Where is the safest place''' or
 to_tsvector('english', content) @@ '''Where is the safest place''') ORDER BY ts_rank(to_tsvector(title), plainto_tsquery('Where is the safest place')) +
 ts_rank(to_tsvector(content), plainto_tsquery('Where is the safest place'))

1 answer:

Answer 0 (score: 1)

Wrap the ":q" bind in "plainto_tsquery()"
# Both :q binds are wrapped; the raw query is passed so the bind quotes it once.
where("to_tsvector('english', title) @@ plainto_tsquery(:q) or
        to_tsvector('english', content) @@ plainto_tsquery(:q)", q: query).order("#{rank} desc")
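The triple quotes in the logged SQL above come from quoting the value twice: once with sanitize and once more by the :q bind. The following is an added example, not part of the original post and not Rails code; quote_sql, bind_named and literal_value are hypothetical helpers that model string quoting and named-bind substitution in a simplified way.

```ruby
# Simplified model of SQL string quoting and named-bind substitution.
# quote_sql, bind_named and literal_value are hypothetical helpers for this
# example; they imitate sanitize and where(":q", q: ...) but are not Rails code.

# Quote a value as a SQL string literal: double embedded quotes, then wrap.
def quote_sql(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each :name placeholder (but not ::casts) with its quoted bound value.
def bind_named(template, binds)
  template.gsub(/(?<!:):([a-z_]\w*)/) do
    key = Regexp.last_match(1).to_sym
    raise ArgumentError, "missing bind :#{key}" unless binds.key?(key)
    quote_sql(binds[key])
  end
end

# Undo quote_sql: the string value the database sees for a given literal.
def literal_value(literal)
  literal[1..-2].gsub("''", "'")
end

QUERY = "Where is the safest place" # constructed sample, taken from the question
TEMPLATE = "to_tsvector('english', title) @@ plainto_tsquery(:q)"

# Pattern from the question: quoted by hand, then quoted again by the bind.
def double_quoted_sql(query)
  bind_named(TEMPLATE, q: quote_sql(query))
end

# Pattern from the answer: raw value, quoted exactly once by the bind.
def single_quoted_sql(query)
  bind_named(TEMPLATE, q: query)
end

# String interpolation (the rank expression) has no bind step, so there the
# value must be quoted by hand exactly once.
def interpolated_rank_sql(query)
  "ts_rank(to_tsvector(title), plainto_tsquery(#{quote_sql(query)}))"
end

puts double_quoted_sql(QUERY)        # quote characters become part of the value
puts single_quoted_sql("O'Reilly")   # embedded quote is escaped once
puts interpolated_rank_sql(QUERY)
```

The rule the model illustrates: quote by hand only where the value is interpolated into the SQL string, and pass the raw value wherever a bind placeholder is used.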