ActiveRecord::Sanitization::ClassMethods

Methods

E

expand_hash_conditions_for_aggregates

S

sanitize_conditions,
sanitize_sql,
sanitize_sql_array,
sanitize_sql_for_assignment,
sanitize_sql_for_conditions,
sanitize_sql_hash,
sanitize_sql_hash_for_assignment,
sanitize_sql_hash_for_conditions

Instance Protected methods

expand_hash_conditions_for_aggregates(attrs) Link

Accepts a hash of SQL conditions and replaces those attributes that correspond to a composed_of relationship with their expanded aggregate attribute values. Given:

class Person < ActiveRecord::Base
  composed_of :address, :class_name => "Address",
    :mapping => [%w(address_street street), %w(address_city city)]
end

Then:

{ :address => Address.new("813 abc st.", "chicago") }
  # => { :address_street => "813 abc st.", :address_city => "chicago" }

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 57
def expand_hash_conditions_for_aggregates(attrs)
  expanded_attrs = {}
  attrs.each do |attr, value|
    unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
      mapping = aggregate_mapping(aggregation)
      mapping.each do |field_attr, aggregate_attr|
        if mapping.size == 1 && !value.respond_to?(aggregate_attr)
          expanded_attrs[field_attr] = value
        else
          expanded_attrs[field_attr] = value.send(aggregate_attr)
        end
      end
    else
      expanded_attrs[attr] = value
    end
  end
  expanded_attrs
end

sanitize_conditions(condition, table_name = self.table_name) Link

sanitize_sql(condition, table_name = self.table_name) Link

Also aliased as: sanitize_conditions

sanitize_sql_array(ary) Link

Accepts an array of conditions. The array has each value sanitized and interpolated into the SQL statement.

["name='%s' and group_id='%s'", "foo'bar", 4]  returns  "name='foo''bar' and group_id='4'"

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 112
def sanitize_sql_array(ary)
  statement, *values = ary
  if values.first.is_a?(Hash) && statement =~ /:\w+/
    replace_named_bind_variables(statement, values.first)
  elsif statement.include?('?')
    replace_bind_variables(statement, values)
  elsif statement.blank?
    statement
  else
    statement % values.collect { |value| connection.quote_string(value.to_s) }
  end
end

sanitize_sql_for_assignment(assignments) Link

Accepts an array, hash, or string of SQL conditions and sanitizes them into a valid SQL fragment for a SET clause.

{ :name => nil, :group_id => 4 }  returns "name = NULL , group_id='4'"

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 38
def sanitize_sql_for_assignment(assignments)
  case assignments
    when Array; sanitize_sql_array(assignments)
    when Hash;  sanitize_sql_hash_for_assignment(assignments)
    else        assignments
  end
end

sanitize_sql_for_conditions(condition, table_name = self.table_name) Link

Accepts an array, hash, or string of SQL conditions and sanitizes them into a valid SQL fragment for a WHERE clause.

["name='%s' and group_id='%s'", "foo'bar", 4]  returns  "name='foo''bar' and group_id='4'"
{ :name => "foo'bar", :group_id => 4 }  returns "name='foo''bar' and group_id='4'"
"name='foo''bar' and group_id='4'" returns "name='foo''bar' and group_id='4'"

Also aliased as: sanitize_sql

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 24
def sanitize_sql_for_conditions(condition, table_name = self.table_name)
  return nil if condition.blank?

  case condition
  when Array; sanitize_sql_array(condition)
  when Hash;  sanitize_sql_hash_for_conditions(condition, table_name)
  else        condition
  end
end

sanitize_sql_hash(attrs, default_table_name = self.table_name) Link

sanitize_sql_hash_for_assignment(attrs) Link

Sanitizes a hash of attribute/value pairs into SQL conditions for a SET clause.

{ :status => nil, :group_id => 1 }
  # => "status = NULL , group_id = 1"

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 103
def sanitize_sql_hash_for_assignment(attrs)
  attrs.map do |attr, value|
    "#{connection.quote_column_name(attr)} = #{quote_bound_value(value)}"
  end.join(', ')
end

sanitize_sql_hash_for_conditions(attrs, default_table_name = self.table_name) Link

Sanitizes a hash of attribute/value pairs into SQL conditions for a WHERE clause.

{ :name => "foo'bar", :group_id => 4 }
  # => "name='foo''bar' and group_id= 4"
{ :status => nil, :group_id => [1,2,3] }
  # => "status IS NULL and group_id IN (1,2,3)"
{ :age => 13..18 }
  # => "age BETWEEN 13 AND 18"
{ 'other_records.id' => 7 }
  # => "`other_records`.`id` = 7"
{ :other_records => { :id => 7 } }
  # => "`other_records`.`id` = 7"

And for value objects on a composed_of relationship:

{ :address => Address.new("123 abc st.", "chicago") }
  # => "address_street='123 abc st.' and address_city='chicago'"

Also aliased as: sanitize_sql_hash

Source: show | on GitHub

# File activerecord/lib/active_record/sanitization.rb, line 90
def sanitize_sql_hash_for_conditions(attrs, default_table_name = self.table_name)
  attrs = expand_hash_conditions_for_aggregates(attrs)

  table = Arel::Table.new(table_name).alias(default_table_name)
  PredicateBuilder.build_from_hash(arel_engine, attrs, table).map { |b|
    connection.visitor.accept b
  }.join(' AND ')
end

Module ActiveRecord::Sanitization::ClassMethods