Method: ActiveRecord::ConnectionAdapters::Quoting#quote
- Defined in:
- activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
#quote(value) ⇒ Object
Quotes the column value to help prevent SQL injection attacks.
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 |
# File 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb', line 73 def quote(value) case value when String, Symbol, ActiveSupport::Multibyte::Chars "'#{quote_string(value.to_s)}'" when true then quoted_true when false then quoted_false when nil then "NULL" # BigDecimals need to be put in a non-normalized form and quoted. when BigDecimal then value.to_s("F") when Numeric then value.to_s when Type::Binary::Data then quoted_binary(value) when Type::Time::Value then "'#{quoted_time(value)}'" when Date, Time then "'#{quoted_date(value)}'" when Class then "'#{value}'" else raise TypeError, "can't quote #{value.class.name}" end end |