method
disallow_raw_sql!
v7.1.3.4 -
Show latest stable
-
0 notes -
Class: ClassMethods
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9
- 3.1.0
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1
- 4.2.7
- 4.2.9
- 5.0.0.1
- 5.1.7
- 5.2.3
- 6.0.0 (0)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (0)
- 7.1.3.4 (0)
- What's this?
disallow_raw_sql!(args, permit: connection.column_name_matcher)
public
Hide source
# File activerecord/lib/active_record/sanitization.rb, line 176 def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc: unexpected = nil args.each do |arg| next if arg.is_a?(Symbol) || Arel.arel_node?(arg) || permit.match?(arg.to_s.strip) (unexpected ||= []) << arg end if unexpected raise(ActiveRecord::UnknownAttributeReference, "Dangerous query method (method whose arguments are used as raw " "SQL) called with non-attribute argument(s): " "#{unexpected.map(&:inspect).join(", ")}." "This method should not be called with user-provided values, such as request " "parameters or model attributes. Known-safe values can be passed " "by wrapping them in Arel.sql()." ) end end