The latest articles on DEV Community by Hugo Duksis (@duksis). https://dev.to/duksis https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F81132%2Fed1b4344-0c3f-4567-a9d6-2d9d91bb0f80.jpeg https://dev.to/duksis en Hugo Duksis Tue, 20 Feb 2024 14:35:21 +0000 https://dev.to/elixir-berlin/ecto-order-by-a-dynamic-fragment-5eic https://dev.to/elixir-berlin/ecto-order-by-a-dynamic-fragment-5eic <h2> Problem description: </h2> <p>Urgent need to return the results of a query in a predefined sort order by id. The project uses Ecto, MySQL and in SQL the sorting would look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ORDER</span> <span class="k">BY</span> <span class="n">FIELD</span><span class="p">(</span><span class="n">id</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span> </code></pre> </div> <p>and in Ecto something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight elixir"><code><span class="o">|&gt;</span> <span class="n">order_by</span><span class="p">(</span><span class="n">q</span><span class="p">,</span> <span class="n">fragment</span><span class="p">(</span><span class="s2">"FIELD(?, ?, ?, ?)"</span><span class="p">,</span> <span class="n">q</span><span class="o">.</span><span class="n">id</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">))</span> </code></pre> </div> <p>Looks good! dosen't it?</p> <p>No. The problem is that the list of ID's is dynamic, including its size. And this means two things</p> <ol> <li> <code>fragment</code> function should be called with different arity based on values provided at runtime. (e.g. <code>fragment/5</code>, <code>fragment/10</code>, ...)</li> <li>first parameter of the <code>fragment</code> function changes at runtime as well because we need as many question marks as there are elements in the list + 1 for the field reference.</li> </ol> <p>And out of nr. 2 comes another problem. <br> We can not just pass an interpolated string to fragment as this is not allowed do to potential SQL injections.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(Ecto.Query.CompileError) to prevent SQL injection attacks, fragment(...) does not allow strings to be interpolated as the first argument via the `^` operator </code></pre> </div> <h2> Solution <code>splice</code>: </h2> <p>If you are or have the possibility to upgrade your Ecto version to <code>3.11</code> or above you can use <a href="https://hexdocs.pm/ecto/3.11.0/Ecto.Query.API.html#splice/1"><code>splice(list)</code></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight elixir"><code><span class="n">fragment</span><span class="p">(</span><span class="s2">"? in (?)"</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">id</span><span class="p">,</span> <span class="n">splice</span><span class="p">(</span><span class="o">^</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]))</span> </code></pre> </div> <p>and this will be the same as<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight elixir"><code><span class="n">from</span> <span class="n">p</span> <span class="ow">in</span> <span class="no">Post</span><span class="p">,</span> <span class="ss">where:</span> <span class="n">fragment</span><span class="p">(</span><span class="s2">"? in (?,?,?)"</span><span class="p">,</span> <span class="n">p</span><span class="o">.</span><span class="n">id</span><span class="p">,</span> <span class="o">^</span><span class="mi">1</span><span class="p">,</span> <span class="o">^</span><span class="mi">2</span><span class="p">,</span> <span class="o">^</span><span class="mi">3</span><span class="p">)</span> </code></pre> </div> <p>I first encountered this problem before ecto 3.11 and if you are on an older project and not able to upgrade your version of ecto there are few options for you</p> <ol> <li>Reconsider upgrading Ecto</li> <li>Try <a href="https://github.com/elixir-ecto/ecto/blob/a5187f3b7aef528b501cd505de4ac1a656b43634/lib/ecto/query/builder.ex#L688">backporting <code>splice</code></a> </li> <li>Write a less sophisticated macro that serves your specific needs</li> </ol> <h2> Resources: </h2> <p><a href="https://hexdocs.pm/ecto/3.11.0/Ecto.Query.API.html#splice/1">https://hexdocs.pm/ecto/3.11.0/Ecto.Query.API.html#splice/1</a><br> <a href="https://stackoverflow.com/questions/59042043/using-unquote-splicing-in-macros-with-modified-lists">https://stackoverflow.com/questions/59042043/using-unquote-splicing-in-macros-with-modified-lists</a></p> ecto elixir phoenix mysql