It is used in this part of the code:
some_list.where("'#{@new_params[:email]}' ~~* name").any?
I tried using Google search, but I only found a description of ~ rxp, and that is equally unclear to me (especially in the example). I had no experience with Ruby before, sorry if the question is stupid.
CodePudding user response:
~~* doesn't actually have anything to do with Ruby. It's the Postgres-specific ILIKE operator for pattern matching.
This code is also a textbook example of a SQL injection vulnerability. The user input should be parameterized.
some_list.where("? ~~* name", @new_params[:email]).any?
This code is also pretty bizarre in that it has a Yoda condition. Normally you would write it as:
some_list.where("name ~~* ?", @new_params[:email]).any?
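To make the injection point in this answer concrete, here is an added example in plain Ruby (it is not code from the question, the answer, or ActiveRecord). It builds the SQL text the interpolated version produces, next to what a bound `?` parameter amounts to. The quoting helper stands in for the database adapter: it doubles single quotes, which is how a standard-conforming PostgreSQL string literal is escaped. The sample email and the payload are constructed for the example; the function names are assumptions.

```ruby
# Added example, not code from the page or from ActiveRecord.

# What the vulnerable line builds: the value is pasted straight into the SQL text.
def interpolated_where(email)
  "'#{email}' ~~* name"
end

# Quote a value as one PostgreSQL string literal (single quotes doubled).
# Stand-in for the adapter's quoting, kept minimal for illustration.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# What where("name ~~* ?", email) amounts to: the value is escaped as a single
# literal, so it cannot close the string or append new SQL.
def parameterized_where(email)
  "name ~~* " + quote_literal(email)
end

# Reduce a SQL fragment to its structure: replace every complete string
# literal with `?` and drop `--` comments. A bound parameter never changes
# this skeleton; interpolated input can rewrite it.
def sql_skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?").gsub(/--[^\n]*/, "").strip
end

# Constructed inputs: a normal email and a classic injection payload.
BENIGN  = "alice@example.com"
PAYLOAD = "x' OR 1=1 --"

if __FILE__ == $PROGRAM_NAME
  [BENIGN, PAYLOAD].each do |input|
    puts "input:         #{input.inspect}"
    puts "interpolated:  #{interpolated_where(input)}  => #{sql_skeleton(interpolated_where(input))}"
    puts "parameterized: #{parameterized_where(input)}  => #{sql_skeleton(parameterized_where(input))}"
  end
end
```

With the payload, the interpolated fragment's skeleton collapses to `? OR 1=1` (the trailing `--` comments out the rest of the predicate), so every row matches; the parameterized fragment keeps the skeleton `name ~~* ?` no matter what the input contains. In real code you do not quote by hand: use the `?` placeholder and let the adapter do it.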
CodePudding user response:
That has nothing to do with Ruby. You construct an SQL query and pass it into the #where method, therefore it is a PostgreSQL operator.
The operator ~~ is equivalent to LIKE, and ~~* corresponds to ILIKE. There are also !~~ and !~~* operators that represent NOT LIKE and NOT ILIKE, respectively. All of these operators are PostgreSQL-specific.
This is what you are passing into it:
"[email protected] ILIKE name"
CodePudding user response:
Any string in a where clause will be put into the SQL query, which is then handed off to the database. So the ~~* syntax is not Ruby but SQL. My guess would be that you are using Postgres as the DB, because:
The operator ~~ is equivalent to LIKE, and ~~* corresponds to ILIKE. There are also !~~ and !~~* operators that represent NOT LIKE and NOT ILIKE, respectively. All of these operators are PostgreSQL-specific.
Taken from: https://www.postgresql.org/docs/current/functions-matching.html#FUNCTIONS-LIKE
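To try the four operators quoted above without a database, here is an added pure-Ruby model of PostgreSQL's LIKE family (it is not code from the answers or from PostgreSQL). It implements the pattern language from the linked docs: `%` matches any sequence of characters, `_` matches exactly one, and a backslash escapes the next character; `~~*` and `!~~*` compare case-insensitively. It then evaluates the question's predicate both ways round. The sample rows and the helper names are constructed for the example. One caveat worth seeing: in the question's form the stored name is the pattern, so a stored name of `%` matches any email; with the operands swapped the user input is the pattern, so an input of `%` matches every row.

```ruby
# Added example, not code from the page or from PostgreSQL.

# Translate a PostgreSQL LIKE pattern into an anchored Ruby Regexp.
def like_to_regexp(pattern, case_insensitive: false)
  out = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    case c
    when "\\"
      # Escaped character: match it literally. (PostgreSQL rejects a pattern
      # ending in the escape character; this model just matches a backslash.)
      i += 1
      out << Regexp.escape(chars[i] || "\\")
    when "%" then out << ".*"
    when "_" then out << "."
    else out << Regexp.escape(c)
    end
    i += 1
  end
  # MULTILINE so `.` also spans newlines, as `%` and `_` do in LIKE.
  flags = Regexp::MULTILINE
  flags |= Regexp::IGNORECASE if case_insensitive
  Regexp.new("\\A#{out}\\z", flags)
end

# The four PostgreSQL operators named in the answers.
OPERATORS = {
  "~~"   => ->(s, p) { like_to_regexp(p).match?(s) },                          # LIKE
  "~~*"  => ->(s, p) { like_to_regexp(p, case_insensitive: true).match?(s) },  # ILIKE
  "!~~"  => ->(s, p) { !like_to_regexp(p).match?(s) },                         # NOT LIKE
  "!~~*" => ->(s, p) { !like_to_regexp(p, case_insensitive: true).match?(s) }, # NOT ILIKE
}.freeze

# Evaluate `subject OP pattern`: the left operand is the string being tested,
# the right operand is the pattern, exactly as in PostgreSQL.
def pg_like(subject, op, pattern)
  OPERATORS.fetch(op).call(subject, pattern)
end

# Constructed rows, standing in for the `name` column of some_list.
NAMES = ["Alice Example", "alice@example.com", "%"].freeze

# The question's form: the email is the subject, each stored name is the pattern.
def yoda_matches(email)
  NAMES.select { |name| pg_like(email, "~~*", name) }
end

# The swapped form: the stored name is the subject, the user input is the pattern.
def normal_matches(email)
  NAMES.select { |name| pg_like(name, "~~*", email) }
end

if __FILE__ == $PROGRAM_NAME
  puts "yoda   #{yoda_matches('alice@example.com').inspect}"
  puts "normal #{normal_matches('%').inspect}"
end
```

Running it shows `yoda_matches("alice@example.com")` returning the exact name and the `%` row, while `normal_matches("%")` returns every row: whichever side is user-controlled, wildcards in it widen the match, which is a separate concern from the SQL injection fixed by parameterization.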