Ruby on Rails latest stable (v7.1.3.2) - 0 notes - Superclass: ActiveRecord::ActiveRecordError
  • 1.0.0
  • 1.1.6
  • 1.2.6
  • 2.0.3
  • 2.1.0
  • 2.2.1
  • 2.3.8
  • 3.0.0
  • 3.0.9
  • 3.1.0
  • 3.2.1
  • 3.2.8
  • 3.2.13
  • 4.0.2
  • 4.1.8
  • 4.2.1
  • 4.2.7
  • 4.2.9
  • 5.0.0.1
  • 5.1.7
  • 5.2.3
  • 6.0.0
  • 6.1.3.1
  • 6.1.7.7
  • 7.0.0 (0)
  • 7.1.3.2
  • 7.1.3.4
  • 7.2.3
  • 8.0.0
  • 8.1.1
  • What's this?

Class deprecated or moved

This class is deprecated or moved on the latest stable version. The last existing version (v7.0.0) is shown here.

UnknownAttributeReference is raised when an unknown and potentially unsafe value is passed to a query method. For example, passing a non column name value to a relation’s #order method might cause this exception.

When working around this exception, caution should be taken to avoid SQL injection vulnerabilities when passing user-provided values to query methods. Known-safe values can be passed to query methods by wrapping them in Arel.sql.

For example, the following code would raise this exception:

Post.order("REPLACE(title, 'misc', 'zzzz') asc").pluck(:id)

The desired result can be accomplished by wrapping the known-safe string in Arel.sql:

Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)

Again, such a workaround should not be used when passing user-provided values, such as request parameters or model attributes to query methods.

Show files where this class is defined (1 file)
Register or log in to add new notes.