Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to sanitize sql fragment in Rails

Tags:

sql

ruby-on-rails

sanitize

I have to sanitize a part of sql query. I can do something like this:

class << ActiveRecord::Base   public :sanitize_sql end  str = ActiveRecord::Base.sanitize_sql(["AND column1 = ?", "two's"], '')

But it is not safe because I expose protected method. What is a better way to do it?

like image 382
dimus Avatar asked Jun 09 '10 19:06

dimus

2 Answers

You can just use: 

ActiveRecord::Base::sanitize_sql(string)
like image 122
HashDog Team Avatar answered Sep 28 '22 07:09

HashDog Team

ActiveRecord::Base.connection.quote does the trick in Rails 3.x

like image 41
dimus Avatar answered Sep 28 '22 07:09

dimus
Sign in to Comment

Related questions

Using an environment variable in a PSQL script
How to SUM and SUBTRACT using SQL?
sqlalchemy simple example of `sum`, `average`, `min`, `max`
How to use the ConfigurationManager.AppSettings
How to restrict NULL as parameter to stored procedure SQL Server?
Duplicate a row in SQL?
PostgreSQL Where count condition
How to extend the timeout of a SQL query
SQL Update Multiple Fields FROM via a SELECT Statement
How to search for a substring in SQLite?
VARCHAR as foreign key/primary key in database good or bad?
Is there a severe performance hit for using Foreign Keys in SQL Server?
How can I get the number of days between 2 dates in Oracle 11g?
Difference between INT PRIMARY KEY and INTEGER PRIMARY KEY SQLite
Is there something wrong with joins that don't use the JOIN keyword in SQL or MySQL?
How to hint the index to use in a MySQL select query?
Can a Check constraint relate to another table?
sqlite insert into table select * from
SQL Server Count is slow
Stored Procedure with optional "WHERE" parameters

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!