Non-attribute arguments will be disallowed in Rails 6.1. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().
- Most of my cases are like this:
- And it’s pretty easy to fix them:
However, how would I fix this one?
where('ifnull(to_date,2099-12-31) >= ?', date).
Arel.sql does not perform param substitution.
Would the following be correct?
where(Arel.sql('ifnull(to_date,2099-12-31) >= ?'), date).
(I don’t seek tips on rewriting queries. I have tons of legacy code and I won’t be hand-fixing all of these, when a good regexp find-and-replace can resolve thousands of issues for me. Please focus on the question asked. Thank you in advance.)