module ActiveRecord::Sanitization::ClassMethods
def sanitize_sql_like(string, escape_character = "\\")
Sanitizes a +string+ so that it is safe to use within an SQL
LIKE statement. This method uses +escape_character+ to escape all
occurrences of itself, "_" and "%".

  sanitize_sql_like("100% true!")
  # => "100\\% true!"

  sanitize_sql_like("snake_cased_string")
  # => "snake\\_cased\\_string"

  sanitize_sql_like("100% true!", "!")
  # => "100!% true!!"

  sanitize_sql_like("snake_cased_string", "!")
  # => "snake!_cased!_string"
def sanitize_sql_like(string, escape_character = "\\")
  pattern = Regexp.union(escape_character, "%", "_")
  string.gsub(pattern) { |x| [escape_character, x].join }
end
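The following is an added example, not Rails code: it shows what the escaping changes when user input is placed in a prefix search (`input%`). The helpers `like_match?` and `prefix_search` and the `COUPONS` rows are hypothetical and constructed for illustration; `like_match?` models `value LIKE pattern ESCAPE escape` in plain Ruby so the example runs without a database.

```ruby
# Standalone copy of the method body shown on this page, so this runs without Rails.
def sanitize_sql_like(string, escape_character = "\\")
  pattern = Regexp.union(escape_character, "%", "_")
  string.gsub(pattern) { |x| [escape_character, x].join }
end

# Hypothetical helper: models `value LIKE pattern ESCAPE escape` by translating
# the LIKE pattern into an anchored Regexp (case-sensitive by assumption).
def like_match?(value, pattern, escape = "\\")
  regex = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    if c == escape && i + 1 < chars.length
      regex << Regexp.escape(chars[i + 1]) # escaped character is a literal
      i += 2
      next
    elsif c == "%"
      regex << ".*"                        # any run of characters
    elsif c == "_"
      regex << "."                         # exactly one character
    else
      regex << Regexp.escape(c)
    end
    i += 1
  end
  Regexp.new("\\A#{regex}\\z", Regexp::MULTILINE).match?(value)
end

# Constructed sample rows.
COUPONS = ["100% off", "100 dollars off", "10_A", "10XA"].freeze

# Hypothetical prefix search: the application appends its own trailing "%".
def prefix_search(rows, user_input, sanitize:, escape: "\\")
  term = sanitize ? sanitize_sql_like(user_input, escape) : user_input
  rows.select { |row| like_match?(row, "#{term}%", escape) }
end

puts prefix_search(COUPONS, "10_", sanitize: false).inspect # wildcard widens the match
puts prefix_search(COUPONS, "10_", sanitize: true).inspect  # literal underscore only
```

The method escapes only LIKE wildcards, so the result still has to reach the query as a bound parameter. When a custom +escape_character+ is used, the query needs a matching `ESCAPE` clause.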