将SQL转换为ActiveRecord查询

Question

如何将以下SQL查询转换为ActiveRecord查询，以减少SQL注入？

jacket_colors ||= [2,21,25,20]
jacket_types = JacketType.find_by_sql(<<-SQL)
  SELECT j2.*, t1.no_count
   FROM jeans j2
   INNER JOIN (
     SELECT
     j1.jean_id AS jean_id,
     COUNT(j1.id) AS no_count
     FROM tracks t
     INNER JOIN jacket_types j1 ON j1.track_id = t.id
     INNER JOIN jeans j2 ON j2.id = j1.jean_id
     WHERE t.status = 0
       AND j1.status IN (#{jacket_colors})
       AND t.type != 'TrekkingTrack'
     GROUP BY j1.jean_id
     HAVING COUNT(j1.id) > 0
   ) t1 ON t1.jean_id = j2.id
 SQL

jacket_types随用户输入而变化。

我尝试了以下操作，但这不起作用，并产生了不正确的SQL。

jacket_colors ||= [2,21,25,20]

Jean.joins(:jacket_types, :track)
.select('jeans.jacket_types_id AS jacket_types_id, COUNT(jeans.id) AS no_count').
where('jeans.status IN (?) AND tracks.status = ? AND tracks.type != ?', jacket_colors, 0, 'TrekkingTrack')
.group('jeans.jacket_types_id')
.having('COUNT(jeans.id) > ?', 0)
.select('jacket_types.*, tracks.no_count').explain

Answer 1

请试试看，我想它会成功的。

Rails查询版本：

jacket_colors ||= [2,21,25,20]

Jean.joins(:jacket_types => :track)
 .where('jeans.status IN (?) AND tracks.status = ? AND tracks.type != ?',
 jacket_colors, 0, 'TrekkingTrack').group('jeans.jacket_types_id')
.select('jacket_types.column1, jacket_types.column2, ....., 
 count(jacket_types) no_count').having("no_count > 0")

的

jacket_colors ||= [2,21,25,20]
jacket_types = JacketType.find_by_sql(<<-SQL)
  SELECT j2.*, t1.no_count
  FROM jeans j2
    INNER JOIN (
      SELECT
      j1.jean_id AS jean_id,
      COUNT(j1.id) AS no_count
      FROM tracks t
        INNER JOIN jacket_types j1 ON j1.track_id = t.id
        INNER JOIN jeans j2 ON j2.id = j1.jean_id
        WHERE t.status = 0
        AND j1.status IN (#{jacket_colors})
        AND t.type != 'TrekkingTrack'
        GROUP BY j1.jean_id
        HAVING COUNT(j1.id) > 0
   ) t1 ON t1.jean_id = j2.id
 SQL