I'm creating a dynamic search for users where both the field and value are dynamic. I have it working now with the code below, but wanted to prevent possible SQL injection and wondered how to do this.
```ruby
search_clause = "#{search_criteria.field} LIKE '%#{search_criteria.value}%'"
organizational_users.where(search_clause)
```
Can I parameterize search_clause even with a dynamic field? How can I do this?
The key to the question is solving the dynamic part of the field; the duplicate question suggestion does not really address that part.
Any help/suggestions would be appreciated!
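
One way to handle the dynamic field, shown as an added example that is not part of the original post: column names cannot be bound as parameters, so the field is resolved through an allowlist and only the value is bound. The `SEARCHABLE_COLUMNS` map, the `users` table name, and the helper names are assumptions for illustration.

```ruby
# Added example: allowlist the column, bind the value, escape LIKE wildcards.
# SEARCHABLE_COLUMNS and the "users" table name are assumed, not from the post.
SEARCHABLE_COLUMNS = {
  "first_name" => "users.first_name",
  "last_name"  => "users.last_name",
  "email"      => "users.email"
}.freeze

# "!" is used as an explicit ESCAPE character because it behaves the same
# across databases, unlike a backslash inside a SQL string literal.
LIKE_ESCAPE = "!"

class UnsearchableField < ArgumentError; end

# Make %, _ and the escape character match literally inside a LIKE pattern.
def escape_like(value)
  value.to_s.gsub(/[!%_]/) { |ch| LIKE_ESCAPE + ch }
end

# Returns [sql_fragment, bind_value]. The fragment only ever contains a
# column name taken from the allowlist; user input travels as a bind value.
def search_condition(field, value)
  column = SEARCHABLE_COLUMNS.fetch(field.to_s) do
    raise UnsearchableField, "field not searchable: #{field.inspect}"
  end
  ["#{column} LIKE ? ESCAPE '#{LIKE_ESCAPE}'", "%#{escape_like(value)}%"]
end

# With ActiveRecord the pair is passed straight to where:
#   organizational_users.where(*search_condition(search_criteria.field,
#                                                search_criteria.value))

# Constructed sample inputs
p search_condition("email", "50%_off")
begin
  search_condition("no_such_column", "x")
rescue UnsearchableField => e
  puts "rejected: #{e.message}"
end
```

Rejecting unknown fields outright, rather than quoting whatever name arrives, also keeps callers from searching columns that were never meant to be searchable.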