Merge pull request rails#53717 from westonganger/recommend_arel_sql_instead_of_sanitize_sql_array

byroot · web-flow · commit 04a63ad9b657 · 2024-11-23T09:45:12.000+01:00
Add note about Arel.sql in documentation for sanitize_sql_array
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
@@ -161,6 +161,8 @@ def sanitize_sql_like(string, escape_character = "\\")
       #
       #   sanitize_sql_array(["role = ?", 0])
       #   # => "role = '0'"
+      #
+      #   Before using this method, please consider if Arel.sql would be better for your use-case
       def sanitize_sql_array(ary)
         statement, *values = ary
         if values.first.is_a?(Hash) && /:\w+/.match?(statement)

Original file line number	Diff line number	Diff line change
`@@ -161,6 +161,8 @@ def sanitize_sql_like(string, escape_character = "\\")`
`161`	`161`	`#`
`162`	`162`	`# sanitize_sql_array(["role = ?", 0])`
`163`	`163`	`# # => "role = '0'"`
	`164`	`+ #`
	`165`	`+ # Before using this method, please consider if Arel.sql would be better for your use-case`
`164`	`166`	`def sanitize_sql_array(ary)`
`165`	`167`	`statement, *values = ary`
`166`	`168`	`if values.first.is_a?(Hash) && /:\w+/.match?(statement)`