class ActiveRecord::UnknownAttributeReference

values, such as request parameters or model attributes to query methods.
Again, such a workaround should not be used when passing user-provided
Post.order(Arel.sql(“REPLACE(title, ‘misc’, ‘zzzz’) asc”)).pluck(:id)
in Arel.sql:
The desired result can be accomplished by wrapping the known-safe string
Post.order(“REPLACE(title, ‘misc’, ‘zzzz’) asc”).pluck(:id)
For example, the following code would raise this exception:
in Arel.sql.
methods. Known-safe values can be passed to query methods by wrapping them
injection vulnerabilities when passing user-provided values to query
When working around this exception, caution should be taken to avoid SQL
value to a relation’s #order method might cause this exception.
value is passed to a query method. For example, passing a non column name
UnknownAttributeReference is raised when an unknown and potentially unsafe

Modules

Classes

class ActiveRecord::UnknownAttributeReference

Namespace

Parent class

Defined in