I have to sanitize part of an SQL query. I can do something like this:
class << ActiveRecord::Base
  public :sanitize_sql
end
str = ActiveRecord::Base.sani
Note that when it comes to sanitizing SQL WHERE conditions, the best solution was sanitize_sql_hash_for_conditions, because it correctly handled NULL conditions (e.g. would generate IS NULL instead of = NULL if a nil attribute was passed).
For some reason, it was deprecated in Rails 5. So I rolled a future-proofed version, see here: https://stackoverflow.com/a/53948665/165673
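The NULL handling described in the answer above, as an added stand-alone Ruby example (not from the original posts and not Rails' own implementation). It uses `?` placeholders with a separate bind list instead of quoting values into the string; `hash_to_conditions` and `ALLOWED_COLUMNS` are hypothetical names, and the column list is a constructed sample schema.

```ruby
# Added illustration, not Rails code: build a WHERE fragment from a hash.
# Values never enter the SQL text; they are returned separately as binds.
# Column names cannot be bound, so they are checked against an allowlist.

ALLOWED_COLUMNS = %w[name email deleted_at role].freeze # constructed sample schema

def hash_to_conditions(attrs, allowed = ALLOWED_COLUMNS)
  clauses = []
  binds = []

  attrs.each do |column, value|
    col = column.to_s
    raise ArgumentError, "unknown column: #{col.inspect}" unless allowed.include?(col)

    case value
    when nil
      # "col = NULL" is never true in SQL; a nil value must become IS NULL.
      clauses << "#{col} IS NULL"
    when Array
      non_nil = value.compact
      parts = []
      unless non_nil.empty?
        parts << "#{col} IN (#{(['?'] * non_nil.size).join(', ')})"
        binds.concat(non_nil)
      end
      # A nil inside the list needs its own IS NULL branch.
      parts << "#{col} IS NULL" if value.include?(nil)
      # An empty list matches no rows.
      parts << "1 = 0" if parts.empty?
      clauses << (parts.size > 1 ? "(#{parts.join(' OR ')})" : parts.first)
    else
      clauses << "#{col} = ?"
      binds << value
    end
  end

  [clauses.join(" AND "), binds]
end
```

The returned pair is meant to be handed to a driver or ORM call that accepts a SQL string with `?` placeholders plus a list of bind values.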