Rails 一些地方（例如.order('xx')中），需要使用arel.sql('xx')语句

refer to:
https://stackoverflow.com/questions/49887593/deprecation-warning-dangerous-query-method-method-whose-arguments-are-used-as

Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s)

所以，不能在ruby代码中直接： MyModel.order("#{params[:order_by_column]} #{params[:asc_or_desc]}")

而是需要这样： MyModel.order(Arel.sql("#{params[:order_by_column]} #{params[:asc_or_desc]}"))