RSpec
Ruby on Rails
Ruby
method
sanitize_sql
v1.1.6 -
Show latest stable
-
3 notes -
Class: ActiveRecord::Base
- 1.0.0 (0)
- 1.1.6 (0)
- 1.2.6 (13)
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9 (-32)
- 3.1.0 (0)
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1
- 4.2.7
- 4.2.9
- 5.0.0.1
- 5.1.7
- 5.2.3
- 6.0.0
- 6.1.3.1
- 6.1.7.7
- 7.0.0
- 7.1.3.2
- 7.1.3.4
- What's this?
-
===
-
abstract_class?
-
accessible_attributes
(>= v2.1.0)
-
active_connection_name
(>= v2.1.0)
-
add_conditions!
-
add_group!
(>= v2.0.3)
-
add_joins!
-
add_limit!
-
add_lock!
(>= v1.2.6)
-
add_order!
(>= v1.2.6)
-
aggregate_mapping
(>= v2.1.0)
-
all
(>= v2.1.0)
-
all_attributes_exists?
-
allow_concurrency
(>= v2.2.1)
-
allow_concurrency=
(>= v2.1.0)
-
arel_engine
(>= v3.0.0)
-
arel_table
(>= v3.0.0)
-
array_of_strings?
(>= v2.2.1)
-
attr_accessible
-
attribute_condition
-
attribute_method?
(>= v3.0.0)
-
attribute_names
(>= v3.1.0)
-
attributes_protected_by_def...
(>= v3.0.0)
-
attr_protected
-
attr_readonly
(>= v2.0.3)
-
base_class
-
before_remove_const
(>= v3.0.9)
-
benchmark
-
build_default_scope
(>= v3.1.0)
-
class_name
(>= v2.1.0)
-
class_name_of_active_record...
(>= v1.0.0)
-
class_of_active_record_desc...
-
clear_active_connection_name
(>= v2.1.0)
-
clear_active_connections!
-
clear_all_cached_connections!
-
clear_cache!
-
clear_connection_cache!
(<= v1.0.0)
-
clear_reloadable_connections!
(>= v1.2.6)
-
colorize_logging
(>= v3.0.0)
-
colorize_logging=
(>= v3.0.9)
-
column_defaults
(>= v3.1.0)
-
column_methods_hash
(>= v1.0.0)
-
column_names
-
columns
-
columns_hash
-
compute_table_name
(>= v3.0.0)
-
compute_type
-
configurations
(>= v3.0.9)
-
connected?
-
connection
-
connection=
-
connection_config
(>= v3.1.0)
-
connection_handler
(>= v3.0.9)
-
connection_id
(>= v3.2.1)
-
connection_id=
(>= v3.2.1)
-
connection_pool
(>= v2.2.1)
-
construct_attributes_from_a...
-
construct_conditions_from_a...
-
construct_finder_arel
(>= v3.0.0)
-
construct_finder_sql
-
content_columns
-
count
(<= v1.0.0)
-
count_by_sql
-
create
-
current_scope
(>= v3.1.0)
-
current_scope=
(>= v3.1.0)
-
current_scoped_methods
(>= v2.1.0)
-
decrement_counter
-
default_scope
(>= v2.3.8)
-
default_select
(>= v2.3.8)
-
default_timezone
(>= v3.0.9)
-
define_attr_method
-
delete
-
delete_all
-
descends_from_active_record?
(>= v2.0.3)
-
destroy
-
destroy_all
-
determine_deprecated_finder
-
determine_finder
-
determine_instantiator
(>= v1.2.6)
-
encode_quoted_value
(>= v1.0.0)
-
establish_connection
-
evaluate_default_scope
(>= v3.1.0)
-
exists?
-
expand_attribute_names_for_...
(>= v2.1.0)
-
expand_hash_conditions_for_...
(>= v2.1.0)
-
expand_id_conditions
(>= v1.2.6)
-
expand_range_bind_variables
(>= v2.1.0)
-
extract_attribute_names_fro...
-
extract_options_from_args!
(<= v1.0.0)
-
find
-
find_by_sql
-
finder_needs_type_condition?
(>= v2.1.0)
-
find_every
-
find_from_ids
-
find_initial
-
find_last
(>= v2.1.0)
-
find_one
-
find_some
-
find_sti_class
(>= v3.0.0)
-
first
(>= v2.1.0)
-
full_table_name_prefix
(>= v2.3.8)
-
generated_feature_methods
(>= v3.2.1)
-
get_primary_key
(>= v2.1.0)
-
human_attribute_name
(>= v2.1.0)
-
human_name
(>= v2.2.1)
-
i18n_scope
(>= v3.0.0)
-
ignore_default_scope=
(>= v3.1.0)
-
ignore_default_scope?
(>= v3.1.0)
-
increment_counter
-
inheritance_column
-
inheritance_column=
(>= v3.0.9)
-
inherited
(>= v2.1.0)
-
initialize_generated_modules
(>= v3.2.1)
-
inspect
(>= v2.0.3)
-
instantiate
-
last
(>= v2.1.0)
-
log_connections
(>= v2.1.0)
-
logger
(>= v3.0.9)
-
lookup_ancestors
(>= v3.0.0)
-
matches_dynamic_finder?
(>= v2.1.0)
-
matches_dynamic_finder_with...
(>= v2.1.0)
-
merge_conditions
(>= v2.1.0)
-
merge_includes
-
merge_joins
(>= v2.2.1)
-
method_missing
-
mysql2_connection
(>= v3.1.0)
-
mysql_connection
(>= v2.1.0)
-
new
-
parse_config!
-
parse_sqlite_config!
(>= v2.0.3)
-
pluralize_table_names
(>= v3.0.9)
-
postgresql_connection
(>= v2.1.0)
-
primary_key
-
primary_key_prefix_type
(>= v3.0.9)
-
protected_attributes
(>= v2.1.0)
-
quote_bound_value
(>= v1.0.0)
-
quoted_table_name
(>= v2.0.3)
-
quote_value
(>= v2.1.0)
-
raise_if_bind_arity_mismatch
(>= v1.0.0)
-
read_methods
(<= v1.0.0)
-
readonly_attributes
(>= v2.0.3)
-
relation
(>= v3.0.0)
-
remove_connection
-
remove_stale_cached_threads!
-
replace_bind_variables
(>= v1.0.0)
-
replace_named_bind_variables
(>= v1.0.0)
-
require_mysql
(>= v1.2.6)
-
reset_column_information
-
reset_column_information_an...
(>= v2.1.0)
-
reset_counters
(>= v2.3.8)
-
reset_primary_key
(>= v1.0.0)
-
reset_scoped_methods
(>= v3.0.9)
-
reset_sequence_name
(>= v1.0.0)
-
reset_subclasses
(>= v1.0.0)
-
reset_table_name
(>= v1.0.0)
-
respond_to?
(>= v2.1.0)
-
retrieve_connection
(>= v2.1.0)
-
reverse_sql_order
(>= v2.1.0)
-
safe_to_array
-
sanitize
(>= v2.1.0)
-
sanitize_conditions
(>= v3.0.9)
-
sanitize_sql
-
sanitize_sql_array
(>= v1.2.6)
-
sanitize_sql_for_assignment
(>= v2.0.3)
-
sanitize_sql_for_conditions
(>= v2.0.3)
-
sanitize_sql_hash
(>= v1.2.6)
-
sanitize_sql_hash_for_assig...
(>= v2.0.3)
-
sanitize_sql_hash_for_condi...
(>= v2.0.3)
-
schema_format
(>= v3.0.9)
-
scope
(>= v1.0.0)
-
scoped?
(>= v1.0.0)
-
scoped_methods
(>= v1.0.0)
-
scoped_methods=
(<= v1.0.0)
-
self_and_descendants_from_a...
(>= v2.3.8)
-
self_and_descendents_from_a...
(>= v2.2.1)
-
sequence_name
(>= v1.0.0)
-
sequence_name=
(>= v3.0.9)
-
serialize
-
serialized_attributes
-
set_inheritance_column
-
set_locking_column
-
set_primary_key
-
set_readonly_option!
(>= v2.1.0)
-
set_sequence_name
-
set_table_name
-
silence
-
single_threaded_active_conn...
(>= v2.1.0)
-
single_threaded_scoped_methods
(>= v2.1.0)
-
sqlite3_connection
(>= v2.1.0)
-
sqlite_connection
(>= v2.1.0)
-
sti_name
(>= v2.1.0)
-
subclasses
(>= v1.0.0)
-
symbolized_base_class
(>= v3.1.0)
-
symbolized_sti_name
(>= v3.1.0)
-
table_exists?
-
table_name
-
table_name=
(>= v3.0.9)
-
table_name_prefix
(>= v3.0.9)
-
table_name_suffix
(>= v3.0.9)
-
threaded_connections
(<= v1.0.0)
-
threaded_connections=
(<= v1.0.0)
-
thread_safe_active_connections
(>= v2.1.0)
-
thread_safe_scoped_methods
(>= v2.1.0)
-
timestamped_migrations
(>= v3.0.9)
-
type_condition
-
type_name_with_module
-
undecorated_table_name
-
unscoped
(>= v3.0.0)
-
update
-
update_all
-
update_counters
(>= v2.0.3)
-
validate_find_options
(>= v1.0.0)
-
verification_timeout
(>= v2.2.1)
-
verification_timeout=
(>= v2.2.1)
-
verify_active_connections!
(>= v2.1.0)
-
with_exclusive_scope
-
with_scope
-
<=>
(>= v3.1.0)
-
==
-
[]
-
[]=
-
arel_attributes_values
(>= v3.0.0)
-
assign_attributes
(>= v2.3.8)
-
assign_multiparameter_attri...
-
attribute_for_inspect
(>= v2.0.3)
-
attribute_names
-
attribute_present?
-
attributes
-
attributes=
-
attributes_before_type_cast
-
attributes_from_column_defi...
-
attributes_protected_by_def...
-
attributes_with_quotes
-
becomes
(>= v2.0.3)
-
cache_key
(>= v2.1.0)
-
clear_timestamp_attributes
(>= v3.1.0)
-
clone
-
clone_attributes
-
clone_attribute_value
-
column_for_attribute
-
comma_pair_list
-
connection
-
convert_number_column_value
-
create
-
create_or_update
-
decrement
-
decrement!
-
define_question_method
-
define_read_method
-
define_read_method_for_seri...
(>= v1.2.6)
-
define_read_methods
-
delete
(>= v2.2.1)
-
destroy
-
destroyed?
(>= v2.3.8)
-
dup
(>= v3.0.0)
-
encode_with
(>= v3.1.0)
-
ensure_proper_type
-
eql?
-
evaluate_read_method
-
execute_callstack_for_multi...
-
extract_callstack_for_multi...
-
extract_max_param_for_multi...
(>= v3.1.0)
-
find_parameter_position
-
freeze
-
frozen?
-
has_attribute?
-
hash
-
id
-
id=
-
id_before_type_cast
(>= v2.1.0)
-
increment
-
increment!
-
initialize_copy
(>= v3.0.0)
-
initialize_dup
(>= v3.1.0)
-
init_with
(>= v3.0.9)
-
inspect
(>= v2.0.3)
-
instantiate_time_object
(>= v2.0.3)
-
interpolate_and_sanitize_sql
(>= v3.0.9)
-
interpolate_sanitized_sql
(>= v3.0.9)
-
interpolate_sql
-
log_protected_attribute_rem...
(>= v2.2.1)
-
mass_assignment_options
(>= v3.1.0)
-
mass_assignment_role
(>= v3.1.0)
-
method_missing
-
new_record?
-
object_from_yaml
-
populate_with_current_scope...
(>= v3.0.9)
-
query_attribute
-
quote
-
quote_columns
-
quoted_column_names
-
quoted_comma_pair_list
-
quoted_id
(>= v2.1.0)
-
quote_value
(>= v1.2.6)
-
read_attribute
-
read_attribute_before_type_...
-
read_date_parameter_value
(>= v3.1.0)
-
readonly!
(>= v1.0.0)
-
readonly?
-
read_other_parameter_value
(>= v3.1.0)
-
read_time_parameter_value
(>= v3.1.0)
-
read_value_from_parameter
(>= v3.1.0)
-
reload
-
remove_attributes_protected...
-
remove_readonly_attributes
(>= v2.0.3)
-
respond_to?
-
save
-
save!
-
set_serialized_attributes
(>= v3.1.0)
-
to_ary
(>= v3.1.0)
-
toggle
-
toggle!
-
to_param
-
to_xml
-
to_yaml
(>= v3.2.1)
-
type_cast_attribute_value
-
unserializable_attribute?
-
unserialize_attribute
-
update
-
update_attribute
-
update_attributes
-
update_attributes!
(>= v1.2.6)
-
write_attribute
-
yaml_initialize
(>= v3.2.1)
= private
= protected
sanitize_sql(ary)
protected
Accepts an array or string. The string is returned untouched, but the array has each value sanitized and interpolated into the sql statement.
["name='%s' and group_id='%s'", "foo'bar", 4] returns "name='foo''bar' and group_id='4'"
Register or
log in
to add new notes.
cayblood -
January 2, 2009 - (<= v2.2.1)
eric_programmer -
January 23, 2009
leente -
October 13, 2010 - (v2.1.0 - v3.0.0)
cayblood -
January 2, 2009 - (<= v2.2.1)
3 thanks
What to use instead
For versions 2.0+, use ActiveRecord::Base::sanitize_sql_array
eric_programmer -
January 23, 2009
1 thank
Alternate for Rails 2.0
Obviously these methods are protected so usage in an app is discouraged. But if you need to use it anyway for some reason Rails 2.0 also has sanitize_sql_for_conditions which operates exactly like sanitize_sql used to (i.e. it determines if it needs to be processed as an array or hash). So if you are going to blow by the protected status might as well use the easier version. :)
leente -
October 13, 2010 - (v2.1.0 - v3.0.0)
1 thank
Replacement
Use sanitize or connection.quote instead.
