v1.1.6 - Show latest stable - 3 notes - Class: ActiveRecord::Base
sanitize_sql(ary) protected

Accepts an array or string. The string is returned untouched, but the array has each value sanitized and interpolated into the sql statement.

  ["name='%s' and group_id='%s'", "foo'bar", 4]  returns  "name='foo''bar' and group_id='4'"
Show source
Register or log in to add new notes.
January 2, 2009 - (<= v2.2.1)
3 thanks

What to use instead

For versions 2.0+, use ActiveRecord::Base::sanitize_sql_array

January 23, 2009
1 thank

Alternate for Rails 2.0

Obviously these methods are protected so usage in an app is discouraged. But if you need to use it anyway for some reason Rails 2.0 also has sanitize_sql_for_conditions which operates exactly like sanitize_sql used to (i.e. it determines if it needs to be processed as an array or hash). So if you are going to blow by the protected status might as well use the easier version. :)

October 13, 2010 - (v2.1.0 - v3.0.0)
1 thank