Created April 21, 2017 17:40
Gist aarontc/33cc966153b5b1a88cecaca254c17dec
Monkeypatch for ActiveRecord to allow safe SQL sanitization
require 'active_record'

# Each wrapper takes a SQL string with placeholders (`?` or `:name`) plus the
# values, quotes the values through ActiveRecord's own sanitize_sql_array, and
# only then hands the finished string to the connection. The raw connection.*
# methods called below accept no bind parameters themselves, so without a
# wrapper like this callers tend to interpolate values straight into the SQL.
module ActiveRecord
  class Base
    class << self
      # Rows as arrays of values.
      def select_rows_with_params(query, *params)
        query = sanitize_sql_array [query, *params]
        connection.select_rows query
      end

      # ActiveRecord::Result (column names plus rows).
      def exec_query_with_params(query, *params)
        query = sanitize_sql_array [query, *params]
        connection.exec_query query
      end

      # ActiveRecord::Result, the same shape exec_query returns.
      def select_all_with_params(query, *params)
        query = sanitize_sql_array [query, *params]
        connection.select_all query
      end

      # Adapter-native result; useful for statements that return no rows.
      def execute_with_params(query, *params)
        query = sanitize_sql_array [query, *params]
        connection.execute query
      end
    end
  end
end