I have a model Exercises and it has columns of :circuit and :order (among others). In a view, I am trying to order the Exercises first by :circuit and then by :order. When I use the following:
#schedule.exercises.order(:circuit).each do |exercise|
it works as expected. However, when I try to add the :order column:
#schedule.exercises.order(:circuit, :order).each do |exercise|
I get the following error:
SQLite3::SQLException: near "order": syntax error: SELECT "exercises".* FROM "exercises" WHERE "exercises"."schedule_id" = 1 ORDER BY circuit, order
The same error also occurs when I pass the :order column alone:
#schedule.exercises.order(:order).each do |exercise|
SQLite3::SQLException: near "order": syntax error: SELECT "exercises".* FROM "exercises" WHERE "exercises"."schedule_id" = 1 ORDER BY order
I'm assuming that this is because the column name (:order) is the same as the SQL method name (order). I'm wondering if there's any way around this other than changing my column heading?
Thanks,
Stuart
Changing the column name is the only sensible option out of this. Change it to something like "position".
If you really want to try and do this you could write a find by sql query and escape the col name with back quotes like
ModelName.find_by_sql(SELECT * FROM ModelName ORDER BY '`order`')
But I would say you should just change the column name
I am also facing same issue, but specifying table name in order clause it works.
#schedule.exercises.order("exercises.circuit ASC, exercises.order ASC").each do |exercise|
Just use "reorder" instead of "order"
Related
I am running a very simple query in Metabase, however, I am getting an error.
Following is the code I am running:
SELECT user_id
FROM order_order
[[where date_placed between {{from}} and {{to}}]]
and {{partner_id}}
Following is the error I am getting:
ERROR: syntax error at or near "and" Position: 33
I have been trying multiple ways to get this fixed, but couldn't get this to work. I would appreciate your help with this query. I don't see a problem with the query tho. What am I missing?
Attaching image for refrence
I think you just want:
SELECT user_id
FROM order_order
where
{{partner_id}}
[[and {{date}}]]
then use an advanced date query to do the between part?
All from memory so hope I'm not way off.
The statement inside the [[ ]] in your query is only used when from or to variables have a selected value. That means that when both from and to are not set (no value selected) your query will be the following:
SELECT user_id
FROM order_order
and {{partner_id}}
hence the error.
In order to resolve it you should set the where clause to always true and then have the conditional statements that you want. Here is an example:
SELECT user_id
FROM order_order
where true
[[and date_placed between {{from}} and {{to}}]]
and {{partner_id}}
I know that order is not safe, so I want to refactor this code:
#tasks = #search.result.joins(user_application_status: {student_application: [student_profile: :student]})
.order(sort_column + ' ' + sort_direction).page(params[:page])
sort_column is reading from params directly and would be something like user_application_tasks.name and sort_direction would return somethig like asc, I tried refactoring it to:
.order("? ?", sort_column, sort_direction).page(page_params)
but I am getting an error
ActiveRecord::StatementInvalid - PG::SyntaxError: ERROR: syntax error at or near ","
LINE 1: ...HERE (application_statuses.id = 137) ORDER BY ? ?, user_app...
I have done this sort of thing before with where statements like
Thing.where("state = ?" ,params[:state])
Is there some special syntax I am omitting?
EDIT:
The thing I am most worried about is someone being able to inject sql here and do something harmful, as #spickermann mentioned order doesn't sanitize the data so
Thing.order("name; drop table users;")
will result in the users table being destroyed.
order doesn't sanitize attributes when they are provided in a list like where does.
But is accepts as hash like this:
order(sort_column => sort_direction)
See the Rails Guides About Ordering.
Im using SSAS Tabular. Trying to insert a column which gets data(OrgNumber) from an unrelated table called DimCustomer.
DAX-Syntax:
=Calculate(Values('DimCustomer'[OrgNum]),FILTER('DimCustomer','DimCustomer'[CustomerNr]='FactTransactions'[CustomerNr])))
Throws back error msg:
The syntax for 'FILTER' is incorrect.
The calculated column 'FactTransactions[CalculatedColumn1]' contains a syntax error. Provide a valid formula.
Try this:
=LOOKUPVALUE('DimCustomer'[OrgNum], 'DimCustomer'[CustomerNr], 'FactTransactions'[CustomerNr])
This assumes it is a calculated column on FactTransactions
I laid out your code like the below and it seems you have an extra bracket:
=Calculate
(
Values('DimCustomer'[OrgNum]),
FILTER
(
'DimCustomer',
'DimCustomer'[CustomerNr]='FactTransactions'[CustomerNr]
)
)
)
In a where statement, you can use variables like:
Order.where('employee_id = ?', params[:employee_id])
I'm trying to accomplish something similar with a select, but it's not working:
Order.select('amount FROM line_items WHERE employee_id = ? AS employee_line_items', params[:employee_id])
=> ERROR: syntax error at or near "1"
=> LINE 1: ...ployee_id" = ? AS employee_line_items, 1
What's going on here? Is it possible to use ? in select statement? If not, how can you insert an escaped sql string here? I'd like to just use #{params[:employee_id]}, but this bit of code would be vulnerable to sql injection.
You have to split your query and chain it:
Order.select('amount FROM line_items').where(['WHERE employee_id = ?', params[:employee_id]])
And also based on this question, I believe you cannot use AS in WHERE clause, only when selecting fields (and you can't use them in WHERE in any case)
Check the documentation to understand how select works on ActiveRecord models
I am trying to run a sql like below
select name from appointments where location_id in (2,3,4)
the following does not work. I am using PostgreSQL
a = [2,3,4]
Appointment.select(:name).where("location_id IN ?", a)
ActiveRecord::StatementInvalid: PGError: ERROR: syntax error at or near "2"
LINE 1: ... FROM "appointments" WHERE (location_id IN 2,3,4)
^
: SELECT name FROM "appointments" WHERE (location_id IN 2,3,4)
You can use this:
Appointment.select(:name).where(:location_id => [2,3,4])
Hope this helps
I don't know rails, but it looks to me like you need to do this:
Appointment.select(:name).where("location_id IN (?)", a)
i.e., put brackets around the ?.