method

disallow_raw_sql!

v7.1.3.2 - Show latest stable - 0 notes - Class: ClassMethods

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0 (0)
6.1.3.1 (0)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (0)
7.1.3.4 (0)
What's this?

disallow_raw_sql!(args, permit: connection.column_name_matcher) public

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

# File activerecord/lib/active_record/sanitization.rb, line 176
      def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc:
        unexpected = nil
        args.each do |arg|
          next if arg.is_a?(Symbol) || Arel.arel_node?(arg) || permit.match?(arg.to_s.strip)
          (unexpected ||= []) << arg
        end

        if unexpected
          raise(ActiveRecord::UnknownAttributeReference,
            "Dangerous query method (method whose arguments are used as raw "              "SQL) called with non-attribute argument(s): "              "#{unexpected.map(&:inspect).join(", ")}."              "This method should not be called with user-provided values, such as request "              "parameters or model attributes. Known-safe values can be passed "              "by wrapping them in Arel.sql()."
          )
        end
      end

disallow_raw_sql!

Related methods

No documentation