Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s)
所以,不能在ruby代码中直接: MyModel.order("#{params[:order_by_column]} #{params[:asc_or_desc]}")
而是需要这样: MyModel.order(Arel.sql("#{params[:order_by_column]} #{params[:asc_or_desc]}"))