RSpec
Ruby on Rails
Ruby
method
disallow_raw_sql!
v6.0.0 -
Show latest stable
-
0 notes -
Class: ClassMethods
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9
- 3.1.0
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1
- 4.2.7
- 4.2.9
- 5.0.0.1
- 5.1.7
- 5.2.3
- 6.0.0 (0)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (0)
- What's this?
-
disallow_raw_sql!
-
expand_hash_conditions_for_...
(<= v5.2.3)
-
expand_range_bind_variables
(<= v3.2.13)
-
quote_bound_value
-
quote_value
(<= v5.0.0.1)
-
raise_if_bind_arity_mismatch
-
replace_bind_variable
-
replace_bind_variables
-
replace_named_bind_variables
-
sanitize
(<= v5.0.0.1)
-
sanitize_conditions
(<= v5.1.7)
-
sanitize_sql
-
sanitize_sql_array
-
sanitize_sql_for_assignment
-
sanitize_sql_for_conditions
-
sanitize_sql_for_order
-
sanitize_sql_hash
(<= v4.2.9)
-
sanitize_sql_hash_for_assig...
-
sanitize_sql_hash_for_condi...
(<= v4.2.9)
-
sanitize_sql_like
= private
= protected
disallow_raw_sql!(args, permit: connection.column_name_matcher)
public
Hide source
# File activerecord/lib/active_record/sanitization.rb, line 137 def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc: unexpected = nil args.each do |arg| next if arg.is_a?(Symbol) || Arel.arel_node?(arg) || permit.match?(arg.to_s) (unexpected ||= []) << arg end return unless unexpected if allow_unsafe_raw_sql == :deprecated ActiveSupport::Deprecation.warn( "Dangerous query method (method whose arguments are used as raw " "SQL) called with non-attribute argument(s): " "#{unexpected.map(&:inspect).join(", ")}. Non-attribute " "arguments will be disallowed in Rails 6.1. This method should " "not be called with user-provided values, such as request " "parameters or model attributes. Known-safe values can be passed " "by wrapping them in Arel.sql()." ) else raise(ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): " + unexpected.map(&:inspect).join(", ") ) end end
