Add note about Arel.sql in documentation for sanitize_sql_array

westonganger · westonganger · commit 2337ee82c79f · 2024-11-22T10:19:15.000-08:00
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
@@ -155,6 +155,8 @@ def sanitize_sql_like(string, escape_character = "\\")
       #
       #   sanitize_sql_array(["role = ?", 0])
       #   # => "role = '0'"
+      #
+      #   Before using this method, please consider if Arel.sql would be better for your use-case
       def sanitize_sql_array(ary)
         statement, *values = ary
         if values.first.is_a?(Hash) && /:\w+/.match?(statement)

Original file line number	Diff line number	Diff line change
`@@ -155,6 +155,8 @@ def sanitize_sql_like(string, escape_character = "\\")`
`155`	`155`	`#`
`156`	`156`	`# sanitize_sql_array(["role = ?", 0])`
`157`	`157`	`# # => "role = '0'"`
	`158`	`+ #`
	`159`	`+ # Before using this method, please consider if Arel.sql would be better for your use-case`
`158`	`160`	`def sanitize_sql_array(ary)`
`159`	`161`	`statement, *values = ary`
`160`	`162`	`if values.first.is_a?(Hash) && /:\w+/.match?(statement)`