method

disallow_raw_sql!

Importance_0
v7.1.3.4 - Show latest stable - 0 notes - Class: ClassMethods
disallow_raw_sql!(args, permit: connection.column_name_matcher) public

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Hide source
# File activerecord/lib/active_record/sanitization.rb, line 176
      def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc:
        unexpected = nil
        args.each do |arg|
          next if arg.is_a?(Symbol) || Arel.arel_node?(arg) || permit.match?(arg.to_s.strip)
          (unexpected ||= []) << arg
        end

        if unexpected
          raise(ActiveRecord::UnknownAttributeReference,
            "Dangerous query method (method whose arguments are used as raw "              "SQL) called with non-attribute argument(s): "              "#{unexpected.map(&:inspect).join(", ")}."              "This method should not be called with user-provided values, such as request "              "parameters or model attributes. Known-safe values can be passed "              "by wrapping them in Arel.sql()."
          )
        end
      end
Register or log in to add new notes.