module ActiveRecord::Sanitization::ClassMethods

def sanitize_sql_like(string, escape_character = "\\")

# Usage examples. Each "# =>" comment gives the return value of the call on
# the line directly below it, written as a Ruby string literal (so "\\" is a
# single backslash character).

# Custom escape character "!": each "_" is prefixed with "!".
# => "snake!_cased!_string"
sanitize_sql_like("snake_cased_string", "!")

# Custom escape character "!": "%" is prefixed and the literal "!" is doubled.
# => "100!% true!!"
sanitize_sql_like("100% true!", "!")

# Default escape character (backslash): each "_" is prefixed with a backslash.
# => "snake\\_cased\\_string"
sanitize_sql_like("snake_cased_string")

# Default escape character: "%" is prefixed; "!" has no special meaning here.
# => "100\\% true!"
sanitize_sql_like("100% true!")

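Sanitizes a +string+ so that it is safe to use within an SQL
LIKE statement. This method uses +escape_character+ to escape all
occurrences of itself, "_" and "%".

Only the LIKE wildcards are neutralized. The result is not quoted for SQL,
so it must still be passed to the query as a bound value (for example
through a +?+ placeholder). The database honours +escape_character+ only if
it is that database's default LIKE escape or the query declares it with an
ESCAPE clause.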
# Escapes the LIKE wildcards in +string+ so that they match literally.
#
# Every "%" and "_" is prefixed with +escape_character+. Occurrences of
# +escape_character+ itself are doubled first, unless it is "%" or "_"
# (those two are already handled by the wildcard pass).
#
# Security note: only LIKE wildcards are handled here. The result is not
# quoted for SQL and must still reach the query as a bound value. The
# database honours +escape_character+ only if it is its default LIKE escape
# or the query declares it with an ESCAPE clause.
#
# @param string [String] text to be matched literally inside a LIKE pattern
# @param escape_character [String] escape prefix, a single backslash by default
# @return [String] a new string; +string+ itself is not modified
def sanitize_sql_like(string, escape_character = "\\")
  needs_doubling = string.include?(escape_character) && !%w[% _].include?(escape_character)

  # '\0' in the replacement refers to the whole match, so each escape
  # character already present in the input is written out twice.
  doubled = needs_doubling ? string.gsub(escape_character, '\0\0') : string

  # Zero-width lookahead: insert the escape character in front of each
  # wildcard without consuming the wildcard itself.
  doubled.gsub(/(?=[%_])/, escape_character)
end