如何逃脱在Ruby中插入或更新之前的字符串 [英] how to escape a string before insert or update in Ruby
本文介绍了如何逃脱在Ruby中插入或更新之前的字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在红宝石的ActiveRecord不提供动态的更新绑定和插入sql语句,我当然可以使用原始SQL,但需要保持连接,所以我想知道是否有更简单的方法来逃避更新或执行前插入SQL像下面code:
In ruby ActiveRecord doesn't provide dynamic binding for update and insert sqls, of course i can use raw sql, but that need maintain connection, so i want to know if there is simpler way to escape update or insert sql before executing like code below:
ActiveRecord::Base.connection.insert(sql)
我想我可以通过GSUB写code,但我知道,如果出现了一个现成的方法来做到这一点。
i think i can write code by gsub, but i know if there has been a ready method to do it.
推荐答案
你可以这样做:
ActiveRecord::Base.send(:sanitize_sql,["select * from my_table where description='%s' and id='%s'","mal'formed", 55], "my_table")
当然,这意味着你分别有PARAMS。不知道这是否会以其他方式,但尝试一下。
Of course, this means that you have the params separately. Not sure if it will work otherwise, but try it out.
这篇关于如何逃脱在Ruby中插入或更新之前的字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文