module ActiveRecord::Sanitization::ClassMethods

def sanitize_sql_array(ary)

["name='%s' and group_id='%s'", "foo'bar", 4] returns "name='foo''bar' and group_id='4'"
sanitized and interpolated into the SQL statement.
Accepts an array of conditions. The array has each value

def sanitize_sql_array(ary)
  statement, *values = ary
  if values.first.is_a?(Hash) && statement =~ /:\w+/
    replace_named_bind_variables(statement, values.first)
  elsif statement.include?('?')
    replace_bind_variables(statement, values)
  elsif statement.blank?
    statement
  else
    statement % values.collect { |value| connection.quote_string(value.to_s) }
  end
end

Instance Methods

# expand_hash_conditions_for_aggregates
# quote_bound_value
# quote_value
# raise_if_bind_arity_mismatch
# replace_bind_variable
# replace_bind_variables
# replace_named_bind_variables
# sanitize
# sanitize_sql_array
# sanitize_sql_for_assignment
# sanitize_sql_for_conditions
# sanitize_sql_hash_for_assignment
# sanitize_sql_hash_for_conditions

Modules

Classes

module ActiveRecord::Sanitization::ClassMethods

def sanitize_sql_array(ary)

Instance Methods