How to sanitize sql fragment in Rails

sql ruby-on-rails sanitize
dimus picture dimus · Jun 9, 2010 · Viewed 39.9k times · Source

I have to sanitize a part of sql query. I can do something like this:

class << ActiveRecord::Base
  public :sanitize_sql
end

str = ActiveRecord::Base.sanitize_sql(["AND column1 = ?", "two's"], '')

But it is not safe because I expose protected method. What is a better way to do it?

Answer

HashDog Team picture HashDog Team · Jun 28, 2012

You can just use: 

ActiveRecord::Base::sanitize_sql(string)

Related questions

Rails raw SQL example

How can I convert this code to raw sql and use in rails? Because When I deploy this code in heroku,there is a request timeout error.I think this will be faster if I use raw sql. @payments = PaymentDetail.…

Read More
Rails 4 LIKE query - ActiveRecord adds quotes

I am trying to do a like query like so def self.search(search, page = 1 ) paginate :per_page => 5, :page => page, :conditions => ["name LIKE '%?%' OR postal_code like '%?%'", search, search], order => 'name' end …

Read More
Rails 3 execute custom sql query without a model

I need to write a standalone ruby script that is supposed to deal with database. I used code given below in rails 3 @connection = ActiveRecord::Base.establish_connection( :adapter => "mysql2", :host => "localhost", :database => "siteconfig_development", :username => "root", :…

Read More