method

sanitize_sql_array

v5.1.7 - Show latest stable - 0 notes - Class: ClassMethods

sanitize_sql_array(ary) private

Accepts an array of conditions. The array has each value sanitized and interpolated into the SQL statement.

sanitize_sql_array(["name=? and group_id=?", "foo'bar", 4])
# => "name='foo''bar' and group_id=4"

sanitize_sql_array(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
# => "name='foo''bar' and group_id=4"

sanitize_sql_array(["name='%s' and group_id='%s'", "foo'bar", 4])
# => "name='foo''bar' and group_id='4'"

Show source

# File activerecord/lib/active_record/sanitization.rb, line 148
        def sanitize_sql_array(ary) # :doc:
          statement, *values = ary
          if values.first.is_a?(Hash) && /:\w+/.match?(statement)
            replace_named_bind_variables(statement, values.first)
          elsif statement.include?("?")
            replace_bind_variables(statement, values)
          elsif statement.blank?
            statement
          else
            statement % values.collect { |value| connection.quote_string(value.to_s) }
          end
        end

sanitize_sql_array

Related methods