2008 Aug 01
Escaping SQL when using connection.execute?
Hi all,
Here's the situation: I'm writing a Rails app that connects to a SQL
Server DB via the ODBC adapter. As an outside, non-negotiable
requirement, any writes to the DB must be performed using stored
procedures. (I know, I know... it sucks).
When constructing the query string, how do I go about escaping the
parameters I want to insert?
My first thought was Rails'