Arel (original) (raw)

Methods

S

• sql

Constants

Class Public methods

sql(sql_string, *positional_binds, retryable: false, **named_binds)Link

Wrap a known-safe SQL string for passing to query methods, e.g.

Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)

Great caution should be taken to avoid SQL injection vulnerabilities. This method should not be used with unsafe values such as request parameters or model attributes.

Take a look at the security guide for more information.

To construct a more complex query fragment, including the possible use of user-provided values, the sql_string may contain ? and :key placeholders, corresponding to the additional arguments. Note that this behavior only applies when bind value parameters are supplied in the call; without them, the placeholder tokens have no special meaning, and will be passed through to the query as-is.

The :retryable option can be used to mark the SQL as safe to retry. Use this option only if the SQL is idempotent, as it could be executed more than once.

Source: show | on GitHub

def self.sql(sql_string, *positional_binds, retryable: false, **named_binds) if positional_binds.empty? && named_binds.empty? Arel::Nodes::SqlLiteral.new(sql_string, retryable: retryable) else Arel::Nodes::BoundSqlLiteral.new sql_string, positional_binds, named_binds end end