sanitize_sql
sanitize_sql(condition)
protected
Accepts an array, hash, or string of SQL conditions and sanitizes them into a valid SQL fragment.
  ["name='%s' and group_id='%s'", "foo'bar", 4] returns "name='foo''bar' and group_id='4'"
  { :name => "foo'bar", :group_id => 4 } returns "name='foo''bar' and group_id='4'"
  "name='foo''bar' and group_id='4'" returns "name='foo''bar' and group_id='4'"
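The three documented forms, modelled as an added stand-alone Ruby example (not Rails source and not part of the original page); model_sanitize_sql and escape_quotes are hypothetical names, and doubling single quotes is assumed as the escaping rule. It also shows that a string built by interpolation reaches the string branch with its quote unescaped.

```ruby
# Added illustration, not Rails source: a stand-alone model of the three
# input forms documented above, reproducing the page's stated outputs.

# Assumption: standard-SQL escaping (double each single quote). Real
# adapters delegate to database-specific quoting.
def escape_quotes(value)
  value.to_s.gsub("'", "''")
end

# model_sanitize_sql is a hypothetical name for this sketch.
def model_sanitize_sql(condition)
  case condition
  when Array
    # First element is the template; the rest are escaped, then substituted.
    template, *values = condition
    template % values.map { |v| escape_quotes(v) }
  when Hash
    # Each pair becomes column='escaped value', joined with "and".
    condition.map { |col, v| "#{col}='#{escape_quotes(v)}'" }.join(" and ")
  else
    # A string is taken as already-valid SQL and returned untouched.
    condition
  end
end

# Constructed input, using the page's own sample value.
name = "foo'bar"

from_array  = model_sanitize_sql(["name='%s' and group_id='%s'", name, 4])
from_hash   = model_sanitize_sql({ :name => name, :group_id => 4 })
# Interpolating before the call leaves the quote unescaped: the string
# branch cannot tell data from SQL, so the fragment comes back malformed.
from_string = model_sanitize_sql("name='#{name}' and group_id='4'")

puts from_array
puts from_hash
puts from_string
```

Pass values through the array or hash form so they are escaped; the string form is only appropriate for fragments that contain no untrusted data.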
What to use instead
For versions 2.0+, use ActiveRecord::Base::sanitize_sql_array
Alternate for Rails 2.0
Obviously these methods are protected, so usage in an app is discouraged. But if you need to use it anyway for some reason, Rails 2.0 also has sanitize_sql_for_conditions, which operates exactly like sanitize_sql used to (i.e. it determines if it needs to be processed as an array or hash). So if you are going to blow by the protected status, you might as well use the easier version. :)
Replacement
Use sanitize or connection.quote instead.