I know about prepared statements, but if I'm using raw SQL, does ActiveRecord have a way to manually escape values?
Something like this would be nice:
Even with Model.find_by_sql you can still use the form where question marks stand in as escaped values.
Simply pass an array where the first element is the query and succeeding elements are the values to be substituted in.
Example from the Rails API documentation:
Post.find_by_sql ["SELECT title FROM posts WHERE author = ? AND created > ?", author_id, start_date]
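Added illustration, not ActiveRecord's own code: a minimal stand-in for what the array form above does before the SQL reaches the database (ActiveRecord performs the same substitution using its connection adapter's quoting). The function names quote_sql_literal and bind_sql, and the sample value O'Brien, are constructed for this example.

```ruby
require 'date'

# Quote one Ruby value as a SQL literal: strings get single quotes with any
# embedded quote doubled, nil becomes NULL, numbers pass through unquoted,
# dates and times become quoted ISO-style strings.
def quote_sql_literal(value)
  case value
  when nil then 'NULL'
  when Integer, Float then value.to_s
  when Time, DateTime then "'#{value.strftime('%Y-%m-%d %H:%M:%S')}'"
  when Date then "'#{value.strftime('%Y-%m-%d')}'"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Replace each ? in the template with the next quoted value, in order.
# A count mismatch raises instead of silently leaving a placeholder unbound.
def bind_sql(template, *values)
  placeholders = template.count('?')
  unless placeholders == values.size
    raise ArgumentError, "wrong number of bind values (#{values.size} for #{placeholders})"
  end
  remaining = values.dup
  template.gsub('?') { quote_sql_literal(remaining.shift) }
end

# The unsafe form the question is trying to avoid: raw string interpolation.
# A value containing a quote character produces malformed (or altered) SQL.
def interpolated_sql(author, start_date)
  "SELECT title FROM posts WHERE author = '#{author}' AND created > '#{start_date}'"
end

if __FILE__ == $0
  author = "O'Brien"                 # constructed value with an embedded quote
  since  = Date.new(2024, 1, 1)
  puts interpolated_sql(author, since)   # the quote in O'Brien breaks the statement
  puts bind_sql("SELECT title FROM posts WHERE author = ? AND created > ?", author, since)
end
```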