We can't suggest You anything specific unless You share Your controller code.
In most cases You just add an order clause to Your DB query.
For instance:
    class ProductsController < ApplicationController
      def index
        # assuming You passed order field in GET param: /products?order_by=name
        @products = Product.order(params[:order_by])
      end
    end
UPDATED
You should be able to use this method for quoting. It's defined on Your connection object (SomeModel.connection):
    irb(main):001:0> Movie.connection.quote_column_name("name")
    => "\"name\""
    irb(main):004:0> Movie.connection.quote_column_name("name; DELETE FROM users;")
    => "\"name; DELETE FROM users;\""
Even better would probably be using only column names defined by You.
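The allowlist approach the answer ends on, written out as an added example (editor's code, not the answerer's): the request parameters are resolved against a fixed list of orderable columns and directions, so the text a client sent is never interpolated into the ORDER BY clause at all. The column names in `ORDERABLE_COLUMNS` and the parameter names `order_by`/`direction` are assumptions for the sake of the example; the helper is plain Ruby so it runs without Rails, and the controller would call `Product.order(safe_order(params))`.

```ruby
# Added example, not part of the original answer.
# Assumed: these are the columns a client may sort by. Anything else is
# silently replaced by the default instead of reaching the SQL string.
ORDERABLE_COLUMNS = %w[name price created_at].freeze
DIRECTIONS = %w[asc desc].freeze
DEFAULT_COLUMN = "name"
DEFAULT_DIRECTION = "asc"

# Turn untrusted request params into a hash that ActiveRecord's `order`
# accepts (e.g. { name: :asc }). Because both key and value come from the
# allowlists rather than from the request, there is nothing to quote.
def safe_order(params)
  column = params["order_by"].to_s.downcase
  direction = params["direction"].to_s.downcase

  column = DEFAULT_COLUMN unless ORDERABLE_COLUMNS.include?(column)
  direction = DEFAULT_DIRECTION unless DIRECTIONS.include?(direction)

  { column.to_sym => direction.to_sym }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: a normal request and a hostile one.
  p safe_order({ "order_by" => "price", "direction" => "desc" })
  p safe_order({ "order_by" => "name; DELETE FROM users;", "direction" => "desc" })
end
```

In the controller this replaces `Product.order(params[:order_by])` with `Product.order(safe_order(params))`; unknown columns fall back to the default rather than raising, which is usually the friendlier behaviour for a sort parameter, but raising instead is a one-line change if you would rather surface bad input.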