I am writing a raw query and need to escape a variable that the user can
modify. Similar to :conditions => ["whatever = ?", var]. What function
does this use behind the scenes?
Thanks!
On 2 Dec 2007, at 18:55, Ben J. wrote:
> I am writing a raw query and need to escape a variable that the user can
> modify. Similar to :conditions => ["whatever = ?", var]. What function
> does this use behind the scenes?

Depending on what you want:
connection#quote
ActiveRecord::Base#quote_value
ActiveRecord::Base#sanitize_sql (which turns ["whatever = ?", var]
into "whatever = 'var'")
Fred
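
The substitution described in the reply above, sketched in plain Ruby as an added example (not code from the thread or from Rails). `quote_literal` and `bind_placeholders` are hypothetical names, and the quoting assumes standard-SQL string literals where a single quote is escaped by doubling it; escaping rules differ per database, which is why an application should call the adapter's own quoting method rather than a copy of this.

```ruby
# Added illustration, not Rails source. Assumes standard-SQL string literals,
# where the only special character is the single quote (escaped by doubling).

# Hypothetical helper: turn one Ruby value into a SQL literal.
def quote_literal(value)
  case value
  when nil     then "NULL"
  when true    then "TRUE"
  when false   then "FALSE"
  when Integer then value.to_s
  when Float
    raise ArgumentError, "non-finite float" unless value.finite?
    value.to_s
  when Array
    raise ArgumentError, "empty list" if value.empty?
    value.map { |v| quote_literal(v) }.join(", ")
  else
    "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Hypothetical helper: replace each ? in the template with a quoted value.
# Substitution is a single pass over the template, so a "?" inside a value
# is never treated as a placeholder.
def bind_placeholders(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "#{expected} placeholders, #{values.size} values"
  end
  pending = values.dup
  template.gsub("?") { quote_literal(pending.shift) }
end

# Constructed sample input: a value containing single quotes.
user_input = "x' OR '1'='1"

# Unsafe: interpolation lets the quote in the input end the literal early.
unsafe = "SELECT * FROM users WHERE name = '#{user_input}'"
# Safe: each quote is doubled, so the whole input stays inside one literal.
safe = bind_placeholders("SELECT * FROM users WHERE name = ?", user_input)

puts unsafe
puts safe
```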