module ActiveRecord::Sanitization::ClassMethods
def sanitize_sql_array(ary)
sanitize_sql_array(["name='%s' and group_id='%s'", "foo'bar", 4])
# => "name='foo''bar' and group_id=4"
sanitize_sql_array(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
# => "name='foo''bar' and group_id=4"
sanitize_sql_array(["name=? and group_id=?", "foo'bar", 4])
Accepts an array of conditions. The array has each value
sanitized and interpolated into the SQL statement.
# Accepts an array of conditions and returns the SQL fragment with each
# value sanitized and interpolated into the statement.
#
# The first element is the statement template and is used as given; only the
# remaining values are escaped. Three placeholder styles are recognised, in
# this order:
#   * named binds (":name") when the bind values are a single Hash,
#   * positional "?" binds,
#   * printf-style "%s" placeholders (String#%).
# In the "%s" case each value is passed through connection.quote_string,
# which escapes it but (as the '%s' example above shows) does not wrap it in
# quotes -- the template must supply its own quote characters.
#
# @param ary [Array] the statement followed by its bind values
# @return [String] the sanitized SQL fragment (a blank statement is returned unchanged)
def sanitize_sql_array(ary)
  statement, *values = ary
  named_binds = values.first.is_a?(Hash) && /:\w+/.match?(statement)

  return replace_named_bind_variables(statement, values.first) if named_binds
  return replace_bind_variables(statement, values) if statement.include?("?")
  return statement if statement.blank?

  # Format-string branch: escape every value, then let String#% place them.
  escaped = values.map { |value| connection.quote_string(value.to_s) }
  statement % escaped
end