
Module: Arel

Relationships & Source Files
Defined in: activerecord/lib/arel.rb,
activerecord/lib/arel/alias_predication.rb,
activerecord/lib/arel/crud.rb,
activerecord/lib/arel/delete_manager.rb,
activerecord/lib/arel/errors.rb,
activerecord/lib/arel/expressions.rb,
activerecord/lib/arel/factory_methods.rb,
activerecord/lib/arel/filter_predications.rb,
activerecord/lib/arel/insert_manager.rb,
activerecord/lib/arel/math.rb,
activerecord/lib/arel/order_predications.rb,
activerecord/lib/arel/predications.rb,
activerecord/lib/arel/select_manager.rb,
activerecord/lib/arel/table.rb,
activerecord/lib/arel/tree_manager.rb,
activerecord/lib/arel/update_manager.rb,
activerecord/lib/arel/visitors.rb,
activerecord/lib/arel/window_predications.rb,
activerecord/lib/arel/attributes/attribute.rb,
activerecord/lib/arel/collectors/bind.rb,
activerecord/lib/arel/collectors/composite.rb,
activerecord/lib/arel/collectors/plain_string.rb,
activerecord/lib/arel/collectors/sql_string.rb,
activerecord/lib/arel/collectors/substitute_binds.rb,
activerecord/lib/arel/nodes/and.rb,
activerecord/lib/arel/nodes/ascending.rb,
activerecord/lib/arel/nodes/binary.rb,
activerecord/lib/arel/nodes/bind_param.rb,
activerecord/lib/arel/nodes/bound_sql_literal.rb,
activerecord/lib/arel/nodes/case.rb,
activerecord/lib/arel/nodes/casted.rb,
activerecord/lib/arel/nodes/comment.rb,
activerecord/lib/arel/nodes/count.rb,
activerecord/lib/arel/nodes/cte.rb,
activerecord/lib/arel/nodes/delete_statement.rb,
activerecord/lib/arel/nodes/descending.rb,
activerecord/lib/arel/nodes/equality.rb,
activerecord/lib/arel/nodes/extract.rb,
activerecord/lib/arel/nodes/false.rb,
activerecord/lib/arel/nodes/filter.rb,
activerecord/lib/arel/nodes/fragments.rb,
activerecord/lib/arel/nodes/full_outer_join.rb,
activerecord/lib/arel/nodes/function.rb,
activerecord/lib/arel/nodes/grouping.rb,
activerecord/lib/arel/nodes/homogeneous_in.rb,
activerecord/lib/arel/nodes/in.rb,
activerecord/lib/arel/nodes/infix_operation.rb,
activerecord/lib/arel/nodes/inner_join.rb,
activerecord/lib/arel/nodes/insert_statement.rb,
activerecord/lib/arel/nodes/join_source.rb,
activerecord/lib/arel/nodes/leading_join.rb,
activerecord/lib/arel/nodes/matches.rb,
activerecord/lib/arel/nodes/named_function.rb,
activerecord/lib/arel/nodes/node.rb,
activerecord/lib/arel/nodes/node_expression.rb,
activerecord/lib/arel/nodes/ordering.rb,
activerecord/lib/arel/nodes/outer_join.rb,
activerecord/lib/arel/nodes/over.rb,
activerecord/lib/arel/nodes/regexp.rb,
activerecord/lib/arel/nodes/right_outer_join.rb,
activerecord/lib/arel/nodes/select_core.rb,
activerecord/lib/arel/nodes/select_statement.rb,
activerecord/lib/arel/nodes/sql_literal.rb,
activerecord/lib/arel/nodes/string_join.rb,
activerecord/lib/arel/nodes/table_alias.rb,
activerecord/lib/arel/nodes/terminal.rb,
activerecord/lib/arel/nodes/true.rb,
activerecord/lib/arel/nodes/unary.rb,
activerecord/lib/arel/nodes/unary_operation.rb,
activerecord/lib/arel/nodes/unqualified_column.rb,
activerecord/lib/arel/nodes/update_statement.rb,
activerecord/lib/arel/nodes/values_list.rb,
activerecord/lib/arel/nodes/window.rb,
activerecord/lib/arel/nodes/with.rb,
activerecord/lib/arel/visitors/dot.rb,
activerecord/lib/arel/visitors/mysql.rb,
activerecord/lib/arel/visitors/postgresql.rb,
activerecord/lib/arel/visitors/sqlite.rb,
activerecord/lib/arel/visitors/to_sql.rb,
activerecord/lib/arel/visitors/visitor.rb

Constant Summary

Class Method Summary

Class Method Details

.sql(sql_string, *positional_binds, **named_binds)

Wrap a known-safe SQL string for passing to query methods, e.g.

Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)

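Great caution should be taken to avoid SQL injection vulnerabilities: the string is wrapped as-is and is not escaped or checked by this method, so anything interpolated into it becomes part of the query. This method should not be used with unsafe values such as request parameters or model attributes.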

Take a look at the security guide for more information.

To construct a more complex query fragment, including the possible use of user-provided values, the sql_string may contain ? and :key placeholders, corresponding to the additional arguments. The values are then passed as separate arguments rather than interpolated into the string, for example (constructed) Arel.sql("title = :title", title: some_value). Note that this behavior only applies when bind value parameters are supplied in the call; without them, the placeholder tokens have no special meaning, and will be passed through to the query as-is.


  
# File 'activerecord/lib/arel.rb', line 48

# Wraps +sql_string+ in an Arel node so it can be handed to query methods.
#
# With no bind arguments the string is passed unchanged to
# Arel::Nodes::SqlLiteral; this method performs no escaping or validation
# of +sql_string+, so it must only ever contain trusted SQL text.
# When any positional or named binds are given, the string and both bind
# collections are passed to Arel::Nodes::BoundSqlLiteral instead, which is
# the path to use for values that are not known to be safe.
#
# @param sql_string [String] SQL text, optionally containing ? / :key placeholders
# @param positional_binds [Array] values for ? placeholders
# @param named_binds [Hash] values for :key placeholders
# @return [Arel::Nodes::SqlLiteral, Arel::Nodes::BoundSqlLiteral]
def self.sql(sql_string, *positional_binds, **named_binds)
  # Placeholders are only meaningful when at least one bind was supplied.
  without_binds = positional_binds.empty? && named_binds.empty?
  return Arel::Nodes::SqlLiteral.new(sql_string) if without_binds

  Arel::Nodes::BoundSqlLiteral.new(sql_string, positional_binds, named_binds)
end