API Guides

instance method quote

Ruby on Rails 4.0.13

Since v2.2.3

Available in: v2.2.3 v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2 

quote(value, column = nil)

Quotes the column value to help prevent SQL injection attacks.

Parameters

value req
column opt = nil
Source 
# File activerecord/lib/active_record/connection_adapters/abstract/quoting.rb, line 8
      def quote(value, column = nil)
        # records are quoted as their primary key
        return value.quoted_id if value.respond_to?(:quoted_id)

        case value
        when String, ActiveSupport::Multibyte::Chars
          value = value.to_s
          return "'#{quote_string(value)}'" unless column

          case column.type
          when :binary then "'#{quote_string(column.string_to_binary(value))}'"
          when :integer then value.to_i.to_s
          when :float then value.to_f.to_s
          else
            "'#{quote_string(value)}'"
          end

        when true, false
          if column && column.type == :integer
            value ? '1' : '0'
          else
            value ? quoted_true : quoted_false
          end
          # BigDecimals need to be put in a non-normalized form and quoted.
        when nil        then "NULL"
        when BigDecimal then value.to_s('F')
        when Numeric, ActiveSupport::Duration then value.to_s
        when Date, Time then "'#{quoted_date(value)}'"
        when Symbol     then "'#{quote_string(value.to_s)}'"
        when Class      then "'#{value.to_s}'"
        else
          "'#{quote_string(YAML.dump(value))}'"
        end
      end

Defined in activerecord/lib/active_record/connection_adapters/abstract/quoting.rb line 8 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveRecord::ConnectionAdapters::Quoting

Type at least 2 characters to search.

↑↓ navigate · open · esc close