I am doing some plain SQLs in my rails model (for purists this is just for complex SQLs :) Since I am not using find*/condition methods, is there a helper method that I can use straight to do that?

The <code>quote</code> method on the connection object escapes strings. When building up queries, use <code>sanitize_sql_for_conditions</code> to convert ActiveRecord conditions hashes or arrays to SQL WHERE clauses. The methods in <code>ActiveRecord::ConnectionAdapters::DatabaseStatements</code> are handy for direct queries, in particular the ones starting with <code>select_</code>.

Rails - escaping SQL params

1 Answers

The quote method on the connection object escapes strings. When building up queries, use sanitize_sql_for_conditions to convert ActiveRecord conditions hashes or arrays to SQL WHERE clauses.

The methods in ActiveRecord::ConnectionAdapters::DatabaseStatements are handy for direct queries, in particular the ones starting with select_.

answered Sep 30 '22 20:09

Jason Weathered

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

Rails - escaping SQL params

Tags:

sql

database

sql-injection

ruby-on-rails

kapso

1 Answers

Jason Weathered

Recent Activity

Donate For Us

Rails - escaping SQL params

Tags:

sql

database

sql-injection

ruby-on-rails

kapso

1 Answers

Jason Weathered

Related questions

Recent Activity

Donate For Us