
Commit fcf8c1b

Merge pull request rails#47878 from bernardoamc/bc-update-sanitization-docs
Document string behaviour in ActiveRecord::Sanitization methods
2 parents bdd0e0a + a9b9bb0 commit fcf8c1b


1 file changed

+10
-4
lines changed


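--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -5,8 +5,8 @@ module Sanitization
 extend ActiveSupport::Concern
 
 module ClassMethods
-# Accepts an array or string of SQL conditions and sanitizes
-# them into a valid SQL fragment for a WHERE clause.
+# Accepts an array of SQL conditions and sanitizes them into a valid
+# SQL fragment for a WHERE clause.
 #
 # sanitize_sql_for_conditions(["name=? and group_id=?", "foo'bar", 4])
 # # => "name='foo''bar' and group_id=4"
@@ -17,6 +17,9 @@ module ClassMethods
 # sanitize_sql_for_conditions(["name='%s' and group_id='%s'", "foo'bar", 4])
 # # => "name='foo''bar' and group_id='4'"
 #
+# This method will NOT sanitize a SQL string since it won't contain
+# any conditions in it and will return the string as is.
+#
 # sanitize_sql_for_conditions("name='foo''bar' and group_id='4'")
 # # => "name='foo''bar' and group_id='4'"
 #
@@ -37,8 +40,8 @@ def sanitize_sql_for_conditions(condition)
 end
 alias :sanitize_sql :sanitize_sql_for_conditions
 
-# Accepts an array, hash, or string of SQL conditions and sanitizes
-# them into a valid SQL fragment for a SET clause.
+# Accepts an array or hash of SQL conditions and sanitizes them into
+# a valid SQL fragment for a SET clause.
 #
 # sanitize_sql_for_assignment(["name=? and group_id=?", nil, 4])
 # # => "name=NULL and group_id=4"
@@ -49,6 +52,9 @@ def sanitize_sql_for_conditions(condition)
 # Post.sanitize_sql_for_assignment({ name: nil, group_id: 4 })
 # # => "`posts`.`name` = NULL, `posts`.`group_id` = 4"
 #
+# This method will NOT sanitize a SQL string since it won't contain
+# any conditions in it and will return the string as is.
+#
 # sanitize_sql_for_assignment("name=NULL and group_id='4'")
 # # => "name=NULL and group_id='4'"
 #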
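Review bot: The sentence added at new lines 20-21, and copied to 55-56, gives a reason that reads backwards: a plain string does contain conditions, what it lacks is separate bind values for the method to quote, so a reader may still assume some escaping happens. I would state the consequence directly, for example `# A String is returned unchanged because it carries no bind values to quote.` followed by `# Never pass a string built from untrusted input; use the array or hash form.` In the sanitize_sql_for_assignment copy the word "conditions" also does not fit a SET clause, where "assignments" would be clearer. The method bodies lie outside these hunks, so the pass-through behaviour is taken from the documented examples rather than from visible code.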
