Function to escape queries?

I am writing a raw query and need to escape a variable that the user can
modify. Similar to :conditions => ["whatever = ?", var]. What function
does this use behind the scenes?

Thanks!

On 2 Dec 2007, at 18:55, Ben J. wrote:

> I am writing a raw query and need to escape a variable that the user
> can modify. Similar to :conditions => ["whatever = ?", var]. What function
> does this use behind the scenes?

Depending on what you want:

connection#quote

ActiveRecord::Base#quote_value

ActiveRecord::Base#sanitize_sql (which turns ["whatever = ?", var]
into "whatever = 'var'")

Fred
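
An added example, not part of the original posts and not ActiveRecord's code: a plain-Ruby sketch of the substitution described above, shown beside raw interpolation of the same input. The method names are hypothetical, and it assumes SQL-standard literals where a single quote is escaped by doubling it.

```ruby
# Constructed sketch; sketch_quote, sketch_bind and interpolated are
# hypothetical names, not ActiveRecord methods. Assumes SQL-standard string
# literals, where a single quote inside a value is escaped by doubling it.

# Turn one Ruby value into a SQL literal.
def sketch_quote(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  when String  then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each ? in the template with the quoted form of the next value.
# gsub does not rescan inserted text, so a ? inside a value stays literal.
def sketch_bind(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{expected})"
  end
  pending = values.dup
  template.gsub("?") { sketch_quote(pending.shift) }
end

# What raw string interpolation produces, for comparison (the unsafe pattern).
def interpolated(column, value)
  "#{column} = '#{value}'"
end

user_input = "x' OR '1'='1" # constructed hostile input
puts interpolated("whatever", user_input)    # value escapes its literal
puts sketch_bind("whatever = ?", user_input) # value stays one literal
```

In an application, call the connection's own quote method rather than a hand-written one, because escaping rules differ between database adapters.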