How to sanitize sql fragment in Rails

Question

posted Oct 7, 2021 in Technique[技术] by 深蓝 (71.8m points)

I have to sanitize a part of sql query. I can do something like this:

class << ActiveRecord::Base
  public :sanitize_sql
end

str = ActiveRecord::Base.sanitize_sql(["AND column1 = ?", "two's"], '')

But it is not safe because I expose protected method. What is a better way to do it?

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-06T17:34:17+0000

replyed Oct 7, 2021 by 深蓝 (71.8m points)

You can just use:

ActiveRecord::Base::sanitize_sql(string)

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…