Method: ActiveRecord::Sanitization::ClassMethods#sanitize_sql_array

Defined in:
lib/active_record/sanitization.rb

#sanitize_sql_array(ary) ⇒ Object

Accepts an array of conditions: a SQL statement template followed by its values. Each value is sanitized and interpolated into the SQL statement; the template itself is used as given.

sanitize_sql_array(["name=? and group_id=?", "foo'bar", 4])
# => "name='foo''bar' and group_id=4"

sanitize_sql_array(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
# => "name='foo''bar' and group_id=4"

sanitize_sql_array(["name='%s' and group_id='%s'", "foo'bar", 4])
# => "name='foo''bar' and group_id='4'"


# File 'lib/active_record/sanitization.rb', line 123

# Interpolates the sanitized bind values of +ary+ into its leading SQL template.
#
# Only the values are escaped; the template (first element) is never quoted or
# escaped, so it should come from application code rather than from untrusted
# input. The interpolation form is picked in this order:
#
# - named binds (<tt>:name</tt>) when the first value is a Hash and the template
#   contains a <tt>:word</tt> token;
# - positional binds (<tt>?</tt>) when the template contains a question mark;
# - an empty/blank template is returned as is;
# - otherwise +format+-style (<tt>%s</tt>) substitution, where each value is
#   passed through +connection.quote_string+ but NOT wrapped in quotes — the
#   template must supply them itself (<tt>name='%s'</tt>).
#
# @param ary [Array] the SQL template followed by its bind values
# @return [String] the template with the values interpolated
def sanitize_sql_array(ary)
  template, *binds = ary
  leading_bind = binds.first

  # Named-bind form: a Hash of values plus at least one :token in the template.
  if leading_bind.is_a?(Hash) && /:\w+/.match?(template)
    return replace_named_bind_variables(template, leading_bind)
  end

  return replace_bind_variables(template, binds) if template.include?("?")
  return template if template.blank?

  # format-style fallback: escape each value, rely on the template for quoting.
  escaped = binds.map { |bind| connection.quote_string(bind.to_s) }
  template % escaped
end