How to escape a string before insert or update in Ruby


Question

In Ruby, ActiveRecord doesn't provide dynamic binding for update and insert SQL statements. Of course I can use raw SQL, but that needs maintaining a connection, so I want to know if there is a simpler way to escape update or insert SQL before executing it, like the code below:

ActiveRecord::Base.connection.insert(sql)

I think I can write the code with gsub, but I want to know if there is already a ready-made method to do it.

Recommended answer

You can do this:

ActiveRecord::Base.send(:sanitize_sql,["select * from my_table where description='%s' and id='%s'","mal'formed", 55], "my_table")

Of course, this means that you have the params separately. Not sure if it will work otherwise, but try it out.
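
What placeholder substitution does to the value, as an added example (not part of the original answer and not ActiveRecord's own code): a simplified pure-Ruby model of the `?` placeholder style and of the `%s` style used in the answer. The helper names and sample values are assumptions for illustration; escaping here is the generic doubling of quotes and backslashes, whereas real adapters delegate to the database driver.

```ruby
# Added illustration: simplified model of SQL placeholder substitution.
# NOT ActiveRecord's implementation; all helper names are hypothetical.

# Escape text for use inside a single-quoted SQL literal
# (backslashes and single quotes are doubled).
def quote_string(s)
  s.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" }
end

# Render a Ruby value as a complete SQL literal.
def quote(value)
  case value
  when nil then "NULL"
  when true then "TRUE"
  when false then "FALSE"
  when Integer, Float then value.to_s
  else "'#{quote_string(value)}'"
  end
end

# "?" style: every placeholder becomes a complete, quoted literal.
# Simplification: any "?" in the statement counts as a placeholder.
def bind_question_marks(statement, values)
  expected = statement.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind variables (#{values.size} for #{expected})"
  end
  remaining = values.dup
  statement.gsub("?") { quote(remaining.shift) }
end

# "%s" style (as in the answer): values are only escaped, so the
# statement itself must wrap every %s in single quotes.
def bind_format(statement, values)
  statement % values.map { |v| quote_string(v) }
end

# Constructed sample inputs.
INSERT_SQL = bind_question_marks(
  "INSERT INTO my_table (description, id) VALUES (?, ?)", ["mal'formed", 55])
SELECT_SQL = bind_format(
  "select * from my_table where description='%s' and id='%s'", ["mal'formed", 55])
# Pitfall: escaping only helps inside quotes, so an unquoted %s is unprotected.
UNQUOTED_SQL = bind_format("select * from my_table where id=%s", ["55 OR 1=1"])

puts INSERT_SQL, SELECT_SQL, UNQUOTED_SQL
```

The last line printed shows why the `%s` form is safe only when each placeholder sits inside quotes in the statement; the `?` form quotes the same value as a whole.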
