Referencing the methods in this doc primarily: https://api.rubyonrails.org/classes/ActiveRecord/Sanitization/ClassMethods.html
I have a SQL string, id = :id, and the user input for the bound variables that are coming in that I need to sanitize. sanitize_sql_for_conditions works perfectly for my situation. However, it seems that it can only be called through the method or through an active DB connection. Is there a way to use the sanitize_sql_* methods without a model or DB connection? I know ActiveRecord::Base::sanitize_sql works, but I would prefer not to use a deprecated method.
Currently on Rails 5.2.
tl;dr There's no way to do it without a connection to the database.
Gonna answer my own question here since I dug through how sanitize_sql_for_conditions works. When using sanitize_sql_for_conditions with an array input containing the SQL and hashes, it ultimately points to replace_bind_variable(value, c = connection), which requires a connection to the DB in order to determine what quote method to use. So no luck here.
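Why the quoting step depends on a connection, as an added example that is not Rails source or the poster's code: a simplified named-bind substituter that, like the replace_bind_variable(value, c = connection) call mentioned above, hands quoting to a connection-like object. StandardQuoter, BackslashQuoter and replace_named_binds are hypothetical names, and their escaping rules are simplified assumptions for illustration.

```ruby
# Added illustration, not Rails source: named-bind substitution where the
# quoting rule comes from a connection-like object (all names hypothetical).

# Assumed dialect 1: SQL-standard literals, only the single quote is doubled.
class StandardQuoter
  def quote(value)
    case value
    when nil     then "NULL"
    when Integer then value.to_s
    else "'#{value.to_s.gsub("'", "''")}'"
    end
  end
end

# Assumed dialect 2: backslash is an escape character inside string literals,
# so it has to be doubled as well.
class BackslashQuoter < StandardQuoter
  def quote(value)
    return super unless value.is_a?(String)
    "'#{value.gsub("\\") { "\\\\" }.gsub("'", "''")}'"
  end
end

# Replace each :name in the statement with the quoted value from binds.
# conn is whatever object knows the backend's quoting rules.
def replace_named_binds(statement, binds, conn)
  statement.gsub(/(:?):([a-zA-Z]\w*)/) do |match|
    if $1 == ":"                     # leave casts such as ::date untouched
      match
    elsif binds.key?($2.to_sym)
      conn.quote(binds[$2.to_sym])
    else
      raise ArgumentError, "missing value for :#{$2} in #{statement}"
    end
  end
end

# Constructed sample input: the same user value, two different backends.
if __FILE__ == $PROGRAM_NAME
  value = "a\\'b"                    # characters: a, backslash, quote, b
  puts replace_named_binds("name = :name", { name: value }, StandardQuoter.new)
  puts replace_named_binds("name = :name", { name: value }, BackslashQuoter.new)
end
```

The two printed literals differ for the same input, which is why the substitution cannot pick a safe quoting rule without knowing which backend it is talking to.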