views:

394

answers:

2

Hi guys,

I want to sanitize the data coming from my form in my ActiveRecord model, especially the single inverted comma, before it is actually jacked into the SQL query. I want it to become something like raghu'\s if raghu's is fed in. Let me know if there is something at the ActiveRecord level that can do this job for me! I have already tried using

sanitize_sql_array

sanitize_sql_for_assignment

sanitize_sql_for_conditions

sanitize_sql_hash_for_assignment

sanitize_sql_hash_for_conditions

But none of these seem to escape the single inverted comma, thereby failing my SQL query!

A: 

You might want to have a look at this thread - Strip & Sanitize BEFORE saving data from the Ruby Forum - I haven't tried any of the solutions mentioned, but it might get you going in the right direction.

dplante
+1  A: 

Rails will handle a lot of the sanitizing for you if you use the following format for performing finds. It'll run the necessary sub-methods to ensure that nothing potentially destructive is inserted into the database. Not sure about the single inverted comma, but it's worth a shot.

Model.find(:all, :conditions => ["text_value = ?", params[:form_input]])
Scott
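To make concrete what the "?" placeholder form in Scott's answer (and sanitize_sql_array, which it calls) actually does to a value like raghu's, here is an added example that is not code from the thread or from Rails itself. It re-implements the placeholder substitution in plain Ruby with ANSI-style quoting, where a single quote inside a literal is written as two quotes (''); this is the form the SQLite and PostgreSQL adapters emit, while the MySQL adapter escapes with a backslash instead. The sample inputs are constructed. The scanner at the end tokenizes string literals the way a database lexer does, so you can see why the interpolated version breaks the query and the quoted version keeps the user's text inside one literal. In real Rails code, use the framework's own methods (the conditions array, or later where("text_value = ?", v)), never a hand-rolled quoter like this one.

```ruby
# Added example, not from the original thread: a minimal model of ActiveRecord's
# "?" placeholder quoting (ANSI single-quote doubling, as SQLite/PostgreSQL do).

# Quote one Ruby value as a SQL literal.
def quote_literal(value)
  case value
  when nil then "NULL"
  when Integer, Float then value.to_s
  when String then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each "?" in the template with the quoted form of the next value,
# which is what sanitize_sql_array(["text_value = ?", value]) produces.
def sanitize_with_placeholders(template, *values)
  raise ArgumentError, "bind count mismatch" unless template.count("?") == values.size
  pending = values.dup
  template.gsub("?") { quote_literal(pending.shift) }
end

# The pattern the question is worried about: form input dropped straight into SQL.
def naive_condition(input)
  "text_value = '#{input}'"
end

# Scan SQL the way a database lexer does: a literal opens at ', a doubled ''
# inside it is one quote character, and the next lone ' closes it.
# Returns [literals, unterminated]; unterminated is true when a quote was left
# open, which a real database reports as a syntax error.
def scan_string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] == "'"
      i += 1
      buf = +""
      closed = false
      while i < sql.length
        if sql[i] == "'"
          if sql[i + 1] == "'"
            buf << "'"   # escaped quote inside the literal
            i += 2
          else
            closed = true # lone quote ends the literal
            i += 1
            break
          end
        else
          buf << sql[i]
          i += 1
        end
      end
      return [literals, true] unless closed
      literals << buf
    else
      i += 1
    end
  end
  [literals, false]
end

if __FILE__ == $PROGRAM_NAME
  form_input = "raghu's"                  # constructed sample input
  injection  = "x' OR '1'='1"             # constructed hostile input
  [form_input, injection].each do |v|
    puts "naive:     #{naive_condition(v)}  -> #{scan_string_literals(naive_condition(v)).inspect}"
    safe = sanitize_with_placeholders("text_value = ?", v)
    puts "sanitized: #{safe}  -> #{scan_string_literals(safe).inspect}"
  end
end
```

With raghu's the naive query lexes as the literal 'raghu' followed by a dangling quote, which is the failing query from the question; the placeholder version yields 'raghu''s', one literal whose value round-trips to raghu's. With the hostile input the naive query produces three separate literals (the input has become SQL), while the placeholder version still produces exactly one literal per bind value.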