mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix sanitize_sql_like with escape_character doc [ci-skip] 

When an `escape_character` is specified, `sanitize_sql_like` will escape
occurrences of it rather than `"\\"`.

This commit also modifies the examples to demonstrate that behavior.
This commit is contained in:
Jonathan Hefner 2022-03-23 13:31:34 -05:00
parent 02ad57a46b
commit 659cdebc68
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
activerecord/lib/active_record/sanitization.rb
View File

@ -92,16 +92,17 @@ module ActiveRecord
end end
# Sanitizes a +string+ so that it is safe to use within an SQL # Sanitizes a +string+ so that it is safe to use within an SQL
# LIKE statement. This method uses +escape_character+ to escape all occurrences of "\", "_" and "%". # LIKE statement. This method uses +escape_character+ to escape all
# occurrences of itself, "_" and "%".
# #
# sanitize_sql_like("100%") # sanitize_sql_like("100% true!")
# # => "100\\%" # # => "100\\% true!"
# #
# sanitize_sql_like("snake_cased_string") # sanitize_sql_like("snake_cased_string")
# # => "snake\\_cased\\_string" # # => "snake\\_cased\\_string"
# #
# sanitize_sql_like("100%", "!") # sanitize_sql_like("100% true!", "!")
# # => "100!%" # # => "100!% true!!"
# #
# sanitize_sql_like("snake_cased_string", "!") # sanitize_sql_like("snake_cased_string", "!")
# # => "snake!_cased!_string" # # => "snake!_cased!_string"