ActiveRecord user-supplied column name

Question

I am trying to allow the end-user of a rails app to limit results based on the value of an arbitrary column. At its simplest, I want to do something roughly equivalent to:

Answer 1

To prevent sql injection, you should validate the column is a valid one

valid_cols = ["c1", "c2"]
valid_cols.include?(column) or raise "Bad query"

Then you can just use the query interface as before

Model.where("#{column} >= ?", min)