How to escape for MYSQL queries from Ruby on Rails?


Solution 1

You can use ActiveRecord's quote method (e.g. ActiveRecord::Base.connection.quote("string with ' apostrophe")), but ActiveRecord's query methods already escape your SQL for you. For example:

a = "string with ' apostrophe"
ModelName.where("field1 = ?", a)

will change "string with ' apostrophe" to "string with '' apostrophe".

Solution 2

Rails quotes strings as follows:

# Quotes a string, escaping any ' (single quote) and \ (backslash) characters.
def quote_string(s)
  s.gsub(/\\/, '\&\&').gsub(/'/, "''") # ' (for ruby-mode)
end

Solution 3

When using the mysql gem, you gain the method Mysql.escape_string(). Use as follows:

search_terms = Mysql.escape_string("it's working!")
conditions = [ "table1.name LIKE '%#{search_terms}%'" ]
# use conditions for MYSQL query as appropriate
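Added example (not code from any of the answers above): a stand-alone Ruby re-implementation of the quoting shown in Solution 2, plus a LIKE-pattern builder for the kind of substring search in Solution 3. quote_string mirrors the Rails method quoted above; quote, like_literal and name_search_condition are names chosen here, not ActiveRecord or mysql-gem APIs.

```ruby
# Escapes the two characters MySQL treats specially inside a single-quoted
# literal: a backslash becomes two backslashes, a single quote is doubled.
# Same rules as the Rails quote_string shown in Solution 2.
def quote_string(s)
  s.gsub(/\\/, '\&\&').gsub(/'/, "''")
end

# Wraps the escaped value in quotes, giving a complete SQL string literal.
def quote(s)
  "'#{quote_string(s)}'"
end

# Builds a quoted LIKE pattern for a substring search.
# Note the caveat with Solution 3: escape_string/quote_string do not touch the
# LIKE wildcards % and _, so a user-supplied "100%" would also match "100 percent".
# Prefix them with a backslash (MySQL's default LIKE escape character) first;
# quote_string then doubles that backslash so it survives literal parsing.
def like_literal(term)
  escaped_wildcards = term.gsub(/[\\%_]/) { |c| "\\#{c}" }
  quote("%#{escaped_wildcards}%")
end

# The condition string from Solution 3, built with the helpers above.
def name_search_condition(term)
  "table1.name LIKE #{like_literal(term)}"
end

# Constructed sample inputs, as a user might type them into a search box.
if __FILE__ == $PROGRAM_NAME
  puts quote_string("it's working!")          # it''s working!
  puts name_search_condition("it's working!") # table1.name LIKE '%it''s working!%'
  puts name_search_condition("100%")          # table1.name LIKE '%100\\%%'
end
```

With Rails 2.3 finders, passing `["table1.name LIKE ?", "%#{escaped_wildcards}%"]` lets ActiveRecord do the quoting step itself; only the wildcard escaping remains the caller's job.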

Updated on July 27, 2022

Comments

  • joanwolk
    joanwolk almost 2 years

    When searching the MYSQL database for a Rails 2.3.14 app, I need to escape the search string appropriately so I can search for strings containing single-quotes (apostrophes). What's the best way to do this? I'm using the mysql gem, in case that matters.