I know about prepared statements, but if I'm using raw SQL, does ActiveRecord have a way to manually escape values?
Something like this would be nice:
A quick dive into the ActiveRecord source reveals its method "sanitize_sql_array" for sanitizing the [string, bind_variable[, bind_variable]] type of SQL statement.
You could call it directly:
# sanitize_sql_array is protected/private on ActiveRecord::Base, hence the use of send
sql = ActiveRecord::Base.send(:sanitize_sql_array, ["insert into foo (bar, baz) values (?, ?), (?, ?)", 'a', 'b', 'c', 'd'])
# execute the already-quoted SQL string through the current connection
res = ActiveRecord::Base.connection.execute(sql)
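To make visible what "?" binding does to each value before it reaches the raw SQL, here is an added, simplified stand-in for sanitize_sql_array. It is not ActiveRecord's own code (the real method hands quoting to the database adapter via connection.quote, which knows the dialect's rules), and the helper names and the sample statements are assumptions made for this illustration.

```ruby
# Simplified illustration of what ActiveRecord's sanitize_sql_array does with
# "?" placeholders. Not the real implementation: ActiveRecord delegates quoting
# to the adapter, this version hard-codes the common SQL-92 rules.

# Render one Ruby value as a SQL literal.
def quote_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when true           then "TRUE"
  when false          then "FALSE"
  when Array          then value.map { |v| quote_value(v) }.join(", ")  # for "in (?)"
  else
    # String literal: double every single quote so the value cannot end the literal early.
    "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" in the statement with the quoted form of the matching bind.
# Simplification: a literal "?" inside the statement text itself is treated as a placeholder.
def sanitize_sql_array_like(array)
  statement, *binds = array
  placeholders = statement.count("?")
  unless placeholders == binds.size
    raise ArgumentError, "wrong number of bind variables (#{binds.size} for #{placeholders})"
  end
  queue = binds.dup
  statement.gsub("?") { quote_value(queue.shift) }   # gsub scans the original once, so substituted text is never re-scanned
end

# Unsafe: the value is spliced into the SQL text as-is.
def unsafe_sql(name)
  "select * from users where name = '#{name}'"
end

# Safe: the value goes through the placeholder and is quoted first.
def safe_sql(name)
  sanitize_sql_array_like(["select * from users where name = ?", name])
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_sql("O'Reilly")   # the stray quote breaks the statement
  puts safe_sql("O'Reilly")     # the quote is doubled and stays inside the literal
end
```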