How to sanitize sql fragment in Rails

南方客 2021-02-01 13:28

I have to sanitize a part of sql query. I can do something like this:

class << ActiveRecord::Base
  public :sanitize_sql
end

str = ActiveRecord::Base.sani         


        
6 Answers
  •  清酒与你
    2021-02-01 14:32

    As of Rails 5 the recommended way is to use: ActiveRecord::Base.connection.quote(string)

    as stated here: https://github.com/rails/rails/issues/28947

    ActiveRecord::Base::sanitize(string) is deprecated
