module Arel
def self.arel_node?(value) # :nodoc:
def self.arel_node?(value) # :nodoc: value.is_a?(Arel::Nodes::Node) || value.is_a?(Arel::Attribute) || value.is_a?(Arel::Nodes::SqlLiteral) end
def self.fetch_attribute(value, &block) # :nodoc:
def self.fetch_attribute(value, &block) # :nodoc: unless String === value value.fetch_attribute(&block) end end
def self.sql(sql_string, *positional_binds, retryable: false, **named_binds)
Use this option only if the SQL is idempotent, as it could be executed
The +:retryable+ option can be used to mark the SQL as safe to retry.
special meaning, and will be passed through to the query as-is.
supplied in the call; without them, the placeholder tokens have no
that this behavior only applies when bind value parameters are
+:key+ placeholders, corresponding to the additional arguments. Note
use of user-provided values, the +sql_string+ may contain ? and
To construct a more complex query fragment, including the possible
for more information.
Take a look at the {security guide}[https://guides.rubyonrails.org/security.html#sql-injection]
parameters or model attributes.
This method should not be used with unsafe values such as request
Great caution should be taken to avoid SQL injection vulnerabilities.
Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)
Wrap a known-safe SQL string for passing to query methods, e.g.
def self.sql(sql_string, *positional_binds, retryable: false, **named_binds) if positional_binds.empty? && named_binds.empty? Arel::Nodes::SqlLiteral.new(sql_string, retryable: retryable) else Arel::Nodes::BoundSqlLiteral.new sql_string, positional_binds, named_binds end end
def self.star # :nodoc:
def self.star # :nodoc: sql("*", retryable: true) end