v1.2.0 - Class: ActiveRecord::Base
sanitize_sql(condition) protected

Accepts an array, hash, or string of SQL conditions and sanitizes them into a valid SQL fragment.

  ["name='%s' and group_id='%s'", "foo'bar", 4]  returns  "name='foo''bar' and group_id='4'"
  { :name => "foo'bar", :group_id => 4 }  returns "name='foo''bar' and group_id='4'"
  "name='foo''bar' and group_id='4'" returns "name='foo''bar' and group_id='4'"
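
The three input shapes documented above, as an added Ruby sketch that is not ActiveRecord's source: `demo_escape`, `demo_sanitize_sql` and `demo_compare` are hypothetical names, and the quote-doubling rule is assumed from the documented outputs. It shows that the array and hash forms escape the value, while a String comes back unchanged, so a value interpolated into the string by the caller is never escaped.

```ruby
# Added illustration; not ActiveRecord's implementation.
# Assumption: escaping means doubling embedded single quotes, as the
# documented outputs show ("foo'bar" becomes foo''bar).
def demo_escape(value)
  value.to_s.gsub("'", "''")
end

# Hypothetical stand-in that mirrors the three documented input shapes.
def demo_sanitize_sql(condition)
  case condition
  when Array
    # First element is the template; its '%s' slots already carry the quotes.
    template, *values = condition
    template % values.map { |v| demo_escape(v) }
  when Hash
    condition.map { |column, v| "#{column}='#{demo_escape(v)}'" }.join(" and ")
  else
    # A String is returned as-is: nothing inside it is escaped.
    condition
  end
end

# Runs one value (constructed sample) through each shape.
def demo_compare(input)
  {
    array:  demo_sanitize_sql(["name='%s' and group_id='%s'", input, 4]),
    hash:   demo_sanitize_sql({ :name => input, :group_id => 4 }),
    # Value interpolated by the caller before the call: passes through raw.
    string: demo_sanitize_sql("name='#{input}' and group_id='4'")
  }
end

demo_compare("foo'bar").each { |shape, sql| puts "#{shape}: #{sql}" }
```
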
January 2, 2009 - (v2.0.0 - v2.2.1)
3 thanks

What to use instead

For versions 2.0+, use ActiveRecord::Base::sanitize_sql_array

January 23, 2009
1 thank

Alternate for Rails 2.0

Obviously these methods are protected, so usage in an app is discouraged. But if you need to use it anyway for some reason, Rails 2.0 also has sanitize_sql_for_conditions, which operates exactly like sanitize_sql used to (i.e. it determines if it needs to be processed as an array or hash). So if you are going to blow by the protected status, you might as well use the easier version. :)

October 13, 2010 - (v2.1.0 - v3.0.0)
1 thank