method
sanitize_sql_array
v3.0.9
Class: ActiveRecord::Base
sanitize_sql_array(ary)
protected
Accepts an array of conditions. The first element is the SQL statement; each remaining value is sanitized and interpolated into that statement.
  ["name='%s' and group_id='%s'", "foo'bar", 4] returns "name='foo''bar' and group_id='4'"
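# File activerecord/lib/active_record/base.rb, line 1318
def sanitize_sql_array(ary)
  statement, *values = ary
  if values.first.is_a?(Hash) and statement =~ /:\w+/
    # Named bind variables (:name), filled from the hash
    replace_named_bind_variables(statement, values.first)
  elsif statement.include?('?')
    # Positional bind variables (?)
    replace_bind_variables(statement, values)
  elsif statement.blank?
    statement
  else
    # printf-style (%s): each value is escaped with quote_string, which does
    # not add surrounding quotes, so the statement itself must supply them
    statement % values.collect { |value| connection.quote_string(value.to_s) }
  end
end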
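The branches of the source above, modelled as a standalone script so the difference between them can be run without Rails. This is an added example, not ActiveRecord code: sanitize_sql_array_model, quote_string and quote are simplified, hypothetical stand-ins for the method and the connection adapter, and the inputs are constructed.

```ruby
# Added illustration: standalone model of the branches of sanitize_sql_array.
# quote_string and quote are simplified stand-ins (assumption) for the
# connection adapter's methods, so no database or ActiveRecord is needed.

# Escapes backslashes and single quotes; does NOT add surrounding quotes.
def quote_string(s)
  s.gsub('\\') { '\\\\' }.gsub("'", "''")
end

# Type-aware quoting, as used for "?" and ":name" bind variables.
def quote(value)
  case value
  when nil     then 'NULL'
  when Numeric then value.to_s
  else "'#{quote_string(value.to_s)}'"
  end
end

def sanitize_sql_array_model(ary)
  statement, *values = ary
  if values.first.is_a?(Hash) && statement =~ /:\w+/
    binds = values.first
    statement.gsub(/:(\w+)/) { quote(binds.fetch($1.to_sym)) }
  elsif statement.include?('?')
    unless statement.count('?') == values.size
      raise ArgumentError, 'wrong number of bind variables'
    end
    bound = values.dup
    statement.gsub('?') { quote(bound.shift) }
  elsif statement.strip.empty?
    statement
  else
    # printf-style: values are escaped only; quoting is the template's job
    statement % values.map { |v| quote_string(v.to_s) }
  end
end

name = "foo'bar"      # constructed value containing a quote
odd  = '4 OR 1=1'     # constructed value that is not a plain number

# Template supplies the quotes: the value stays inside the string literal.
puts sanitize_sql_array_model(["name='%s' and group_id='%s'", name, 4])
# Template omits the quotes: escaping alone leaves the value as raw SQL.
puts sanitize_sql_array_model(['group_id=%s', odd])
# Bind variables quote by type, so the same value becomes a string literal.
puts sanitize_sql_array_model(['name=? and group_id=?', name, odd])
puts sanitize_sql_array_model(['name=:n', { n: name }])
```

The second line of output shows why the %s form is only safe when every placeholder sits inside quotes in the statement; the ? and :name forms do not depend on the template for quoting.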