- S
Constants
| VERSION | = | "10.0.0" |
Class Public methods
sql(sql_string, *positional_binds, retryable: false, **named_binds)Link
Wrap a known-safe SQL string for passing to query methods, e.g.
Post.order(Arel.sql("REPLACE(title, 'misc', 'zzzz') asc")).pluck(:id)
Great caution should be taken to avoid SQL injection vulnerabilities. This method should not be used with unsafe values such as request parameters or model attributes.
Take a look at thesecurity guide for more information.
To construct a more complex query fragment, including the possible use of user-provided values, thesql_string may contain? and:key placeholders, corresponding to the additional arguments. Note that this behavior only applies when bind value parameters are supplied in the call; without them, the placeholder tokens have no special meaning, and will be passed through to the query as-is.
The:retryable option can be used to mark the SQL as safe to retry. Use this option only if the SQL is idempotent, as it could be executed more than once.
# File activerecord/lib/arel.rb, line 52defself.sql(sql_string,*positional_binds,retryable:false,**named_binds)ifArel::Nodes::SqlLiteral===sql_stringsql_stringelsifpositional_binds.empty?&&named_binds.empty?Arel::Nodes::SqlLiteral.new(sql_string,retryable:retryable)elseArel::Nodes::BoundSqlLiteral.newsql_string,positional_binds,named_bindsendend