
How to Use where in Rails: Query Records Easily

In Rails, use where to filter records by conditions in your database queries. It accepts a hash, string, or array to specify conditions and returns an ActiveRecord::Relation with matching records.

Syntax

The where method filters records based on conditions you provide. You can pass a hash for simple equality, a string for raw SQL, or an array for parameterized queries.

  • Model.where(attribute: value) - filters by attribute equal to value.
  • Model.where("age > ?", 30) - uses SQL with placeholders.
  • Model.where("name = ? AND active = ?", "Alice", true) - multiple conditions with parameters.

ruby
User.where(name: "Alice")
User.where("age > ?", 30)
User.where("name = ? AND active = ?", "Alice", true)

Example

This example finds all users named "Alice", narrows that to the active ones, finds users older than 30, and prints the SQL each query generates.

ruby
class User < ApplicationRecord
end

# Find users named Alice
users_named_alice = User.where(name: "Alice")

# Find active users named Alice
active_alice = User.where(name: "Alice", active: true)

# Find users older than 30
older_users = User.where("age > ?", 30)

puts users_named_alice.to_sql
puts active_alice.to_sql
puts older_users.to_sql
Output
SELECT "users".* FROM "users" WHERE "users"."name" = 'Alice'
SELECT "users".* FROM "users" WHERE "users"."name" = 'Alice' AND "users"."active" = 't'
SELECT "users".* FROM "users" WHERE (age > 30)

Common Pitfalls

Common mistakes include building condition strings from user input, which opens the query to SQL injection, forgetting to use parameter placeholders, and expecting where to return a single record instead of a collection.

Always use parameterized queries or hashes to keep queries safe and avoid errors.

ruby
# Unsafe (vulnerable to SQL injection)
User.where("name = '#{params[:name]}'")

# Safe (parameterized)
User.where("name = ?", params[:name])
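
One way to catch the unsafe pattern above during review, as an added example (not code from the original page): a small Ruby scanner that flags where calls whose first string argument is built by interpolation or concatenation. The names RISKY_WHERE, risky_where_calls and SAMPLE, and the last sample line, are constructed for illustration.

```ruby
# Added example, not from the original page: flag `where` calls whose SQL
# fragment is assembled from Ruby values instead of placeholders.

RISKY_WHERE = {
  # .where("... #{value} ...") : interpolation inside the first string argument
  interpolation: /\.where\(\s*"(?:[^"\\]|\\.)*?\#\{/,
  # .where("..." + value) : concatenation onto the first string argument
  concatenation: /\.where\(\s*"(?:[^"\\]|\\.)*"\s*\+/
}.freeze

# Returns [[line_number, reason, source_line], ...] for every risky call.
def risky_where_calls(source)
  source.each_line.with_index(1).flat_map do |line, number|
    next [] if line.lstrip.start_with?("#") # skip comment-only lines
    RISKY_WHERE.select { |_, pattern| line.match?(pattern) }
               .keys.map { |reason| [number, reason, line.strip] }
  end
end

# Constructed sample: the page's snippets plus one concatenation case.
SAMPLE = <<~'RUBY'
  # Unsafe (vulnerable to SQL injection)
  User.where("name = '#{params[:name]}'")
  # Safe (parameterized)
  User.where("name = ?", params[:name])
  User.where(name: "Alice", active: true)
  User.where("age > " + params[:age])
RUBY

risky_where_calls(SAMPLE).each do |number, reason, code|
  puts "line #{number}: #{reason}: #{code}"
end
```

The patterns are a line-based heuristic; a static analyzer such as Brakeman covers multi-line and indirect cases that a regex misses.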

Quick Reference

  • Hash syntax: where(attribute: value) for simple equals.
  • String with placeholders: where("age > ?", 30) for complex conditions.
  • Multiple conditions: combine in hash or string with AND.
  • Returns: an ActiveRecord::Relation (chainable query).

Key Takeaways

  • Use where to filter records by conditions in Rails queries.
  • Pass conditions as hashes for simple equality or strings with placeholders for complex queries.
  • Always use parameterized queries to avoid SQL injection risks.
  • where returns a chainable ActiveRecord::Relation, not a single record.
  • Combine multiple conditions using hashes or SQL AND in strings.