I have to sanitize part of a SQL query. I can do something like this:

class << ActiveRecord::Base
  public :sanitize_sql
end

str = ActiveRecord::Base.sanitize_sql(["AND column1 = ?", "two's"], '')

But it is not safe because I expose a protected method. What is a better way to do it?

+1  A: 

You can bypass the protectedness of the method by invoking it indirectly:

str = ActiveRecord::Base.__send__(:sanitize_sql, ["AND column1 = ?", "two's"], '')

... which will at least spare you having to refashion that method as public.

(I'm a bit suspicious that you actually need to do this, but the above will work.)

pilcrow
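
What the `?` substitution in the question does to a bound value such as "two's", as an added example that is not part of the original thread and not ActiveRecord's own code. `sanitize_fragment`, `quote_bound` and `BindMismatch` are hypothetical names, and the quoting assumes standard SQL doubling of single quotes (a real database adapter applies its own rules).

```ruby
# Added illustration: a simplified stand-in for "?" placeholder substitution
# on a SQL fragment. Not ActiveRecord source; names here are hypothetical.

class BindMismatch < ArgumentError; end

# Turn one bound value into a SQL literal.
# Assumption: standard SQL quoting, where a single quote is escaped by doubling.
def quote_bound(value)
  case value
  when nil     then "NULL"
  when true    then "TRUE"
  when false   then "FALSE"
  when Integer then value.to_s
  when Array   then value.empty? ? "NULL" : value.map { |v| quote_bound(v) }.join(",")
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Substitute each "?" in a developer-written template with a quoted value.
# The template must be a constant from the code base: a "?" inside a literal
# in the template would be counted as a placeholder.
def sanitize_fragment(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise BindMismatch, "#{expected} placeholders but #{values.size} values"
  end
  remaining = values.dup
  # Block form of gsub: the replacement is inserted literally and never
  # rescanned, so a "?" inside a value cannot consume the next bind value.
  template.gsub("?") { quote_bound(remaining.shift) }
end

if __FILE__ == $0
  # Constructed sample inputs.
  puts sanitize_fragment("AND column1 = ?", "two's")
  puts sanitize_fragment("AND column1 = ?", "' OR '1'='1")
  puts sanitize_fragment("AND id IN (?)", [1, 2, 3])
  puts sanitize_fragment("AND a = ? AND b = ?", "x?", nil)
end
```

The quote characters in the value end up inside the literal instead of terminating it, which is the property the fragment relies on when it is concatenated into a larger query.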