7

I am executing the following raw SQL query in one of my controllers:

active_users_query = <<-SQL 
       SELECT count(DISTINCT patients.id)
       FROM public.patients, public.subscriptions, public.users, public.calendar_days
       WHERE patients.user_id = users.id 
       AND patients.id = calendar_days.patient_id 
       AND subscriptions.user_id = patients.user_id 
       AND (date_trunc('day',patients.last_sync) > current_date - interval '30 days' 
       OR date_trunc('day', calendar_days.created_at) > current_date - interval '30 days' 
       OR date_trunc('day',users.current_sign_in_at) > current_date - interval '30 days') 
       AND subscriptions.code_id = 2  
SQL

Is there a way I can add some RoR code to the last line of this query to generate the code_id dynamically?

Something like this:

AND subscriptions.code_id = '@subscription.code'

1 Answer

14

You can interpolate Ruby variables in heredoc strings:

active_users_query = <<-SQL 
       SELECT count(DISTINCT patients.id)
       FROM public.patients, public.subscriptions, public.users, public.calendar_days
       WHERE patients.user_id = users.id 
       AND patients.id = calendar_days.patient_id 
       AND subscriptions.user_id = patients.user_id 
       AND (date_trunc('day',patients.last_sync) > current_date - interval '30 days' 
       OR date_trunc('day', calendar_days.created_at) > current_date - interval '30 days' 
       OR date_trunc('day',users.current_sign_in_at) > current_date - interval '30 days') 
       AND subscriptions.code_id = '#{@subscription.code}'  
SQL

1 Comment

Doesn't this make it vulnerable to injections?
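
On the injection concern raised in the comment: the following is an added example, not part of the original answer, showing the interpolated clause next to a form that keeps the value out of the SQL text. It assumes `code_id` is an integer column (the question compares it to `2`); the method names are hypothetical, and `active_users_count` needs a Rails app with ActiveRecord loaded.

```ruby
# Added example. Table and column names come from the question's query;
# the method names and sample values below are constructed for illustration.

# Pattern from the answer: the value is pasted into the SQL text itself.
def interpolated_clause(code)
  "AND subscriptions.code_id = '#{code}'"
end

# Hardened form: the SQL text is a constant and the value travels separately.
ACTIVE_USERS_SQL = <<~SQL
  SELECT count(DISTINCT patients.id)
  FROM public.patients, public.subscriptions, public.users, public.calendar_days
  WHERE patients.user_id = users.id
  AND patients.id = calendar_days.patient_id
  AND subscriptions.user_id = patients.user_id
  AND (date_trunc('day', patients.last_sync) > current_date - interval '30 days'
  OR date_trunc('day', calendar_days.created_at) > current_date - interval '30 days'
  OR date_trunc('day', users.current_sign_in_at) > current_date - interval '30 days')
  AND subscriptions.code_id = ?
SQL

# code_id is numeric in the question (= 2), so coerce strictly before binding.
# Integer(..., 10) raises ArgumentError on anything that is not a decimal integer.
def active_users_statement(code)
  [ACTIVE_USERS_SQL, Integer(code.to_s, 10)]
end

# Inside a Rails app (ActiveRecord loaded): let Rails quote the value.
def active_users_count(code)
  sql = ActiveRecord::Base.sanitize_sql_array(active_users_statement(code))
  ActiveRecord::Base.connection.select_value(sql).to_i
end

# Constructed inputs: a normal code and one carrying SQL syntax.
def demo
  hostile = "2' OR '1'='1"
  rejected = begin
    active_users_statement(hostile)
    false
  rescue ArgumentError
    true
  end
  { interpolated: interpolated_clause(hostile),
    bound_value: active_users_statement("2").last,
    hostile_rejected: rejected }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With interpolation the constructed input changes the `WHERE` clause itself; with the placeholder form it is rejected before any SQL is built, and a valid code reaches the database only as a quoted value.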
