sanitize_limit

sanitize_limit(limit)

Instance Public methods

Sanitizes the given LIMIT parameter in order to prevent SQL injection.

The limit may be anything that can evaluate to a string via to_s. It should look like an integer, or a comma-delimited list of integers, or an Arel SQL literal.

Returns Integer and Arel::Nodes::SqlLiteral limits as is. Returns the sanitized limit parameter, either as an integer, or as a string which contains a comma-delimited list of integers.

Links:

https://github.com/rails/rails/blob/ff062fe58a07092a300dc1c91848ee763d506a76/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb#L318

doc_ruby_on_rails

2015-06-20 00:00:00

Comments