Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails - escaping SQL params

Tags:

sql

database

sql-injection

ruby-on-rails

I am doing some plain SQLs in my rails model (for purists this is just for complex SQLs :)

Since I am not using find*/condition methods, is there a helper method that I can use straight to do that?

like image 800
kapso Avatar asked Jul 21 '10 22:07

kapso

1 Answers

The quote method on the connection object escapes strings. When building up queries, use sanitize_sql_for_conditions to convert ActiveRecord conditions hashes or arrays to SQL WHERE clauses.

The methods in ActiveRecord::ConnectionAdapters::DatabaseStatements are handy for direct queries, in particular the ones starting with select_.

like image 95
Jason Weathered Avatar answered Sep 30 '22 20:09

Jason Weathered
Sign in to Comment

Related questions

.NET: Allow NULLS in DB fields?
Query results taking too long on 200K database, speed up tips?
Bulk Insert multiple records and get identity for all using ADO.NET
How to use SQL - INSERT...ON DUPLICATE KEY UPDATE?
how to query with child relations to same table and order this correctly
SQL query: SUM values up to the current record
Calculate differences between rows while grouping with SQL
How to define ENUM in SQL Server 2005? [duplicate]
sql generate unique table/view name
Killing the mysqld process
Check if table exists in c#
Will hibernate java programs have no sql code?
SQL Count unique objects defined by parameters
Is it possible to set a primary key to a view?
SQL, How to change column in SQL table without breaking other dependencies?
SQL query, distinct rows needed
SQL statement to select the value of the latest version of data based on the latest date
Is there a generic way to generate an arbitrary linear sequence in SQL?
SQL Group by different time periods with day
Best pattern for storing (product) attributes in SQL Server

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!