instance method sanitize_limit

Ruby on Rails 3.1.12

Since v2.2.3. Last seen in v8.0.4.

Available in: v2.2.3 v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4

Signature

sanitize_limit(limit)

Sanitizes the given LIMIT parameter in order to prevent SQL injection.

The limit may be anything that can evaluate to a string via #to_s. It should look like an integer, or a comma-delimited list of integers, or an Arel SQL literal.

Returns Integer and Arel::Nodes::SqlLiteral limits as is. Returns the sanitized limit parameter, either as an integer, or as a string which contains a comma-delimited list of integers.

Parameters

limit (required)

Source
# File activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb, line 328
      def sanitize_limit(limit)
        if limit.is_a?(Integer) || limit.is_a?(Arel::Nodes::SqlLiteral)
          limit
        elsif limit.to_s =~ /,/
          Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',')
        else
          Integer(limit)
        end
      end
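
The behaviour described above, run over a few LIMIT values. This is an added example, not part of the Rails documentation: the `Arel` module here is a minimal stand-in so the code runs without Rails, and `limit_outcome` and the sample values are hypothetical and constructed for illustration.

```ruby
# Stand-in for the arel gem (assumption: only the parts sanitize_limit uses).
module Arel
  module Nodes
    class SqlLiteral < String; end
  end

  def self.sql(raw)
    Nodes::SqlLiteral.new(raw)
  end
end

# Method body as listed on this page (Rails 3.1.12).
def sanitize_limit(limit)
  if limit.is_a?(Integer) || limit.is_a?(Arel::Nodes::SqlLiteral)
    limit
  elsif limit.to_s =~ /,/
    Arel.sql limit.to_s.split(',').map { |i| Integer(i) }.join(',')
  else
    Integer(limit)
  end
end

# Hypothetical helper: report whether a value is accepted or rejected.
# Kernel#Integer raises ArgumentError for non-numeric strings and
# TypeError for nil, so anything that is not integer-like never reaches SQL.
def limit_outcome(value)
  [:accepted, sanitize_limit(value)]
rescue ArgumentError, TypeError => e
  [:rejected, e.class]
end

# Constructed sample inputs.
SAMPLES = [
  25,                              # Integer: returned as is
  "25",                            # numeric string: converted to Integer
  "10, 20",                        # comma list: each part converted, rejoined
  "10; DROP TABLE users",          # trailing SQL: rejected
  "1,2 UNION SELECT 1",            # SQL hidden in a list element: rejected
  nil,                             # missing value: rejected
  Arel.sql("10; DROP TABLE users") # SqlLiteral: returned as is, NOT checked
].freeze

SAMPLES.each { |v| puts "#{v.inspect} -> #{limit_outcome(v).inspect}" }
```

The last sample is the case to watch in code review: a value already wrapped in an SQL literal is returned unchanged, so request data should reach this method as a plain string or integer, never pre-wrapped with `Arel.sql`.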

Defined in activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb line 328

Defined in ActiveRecord::ConnectionAdapters::DatabaseStatements