9

How do I escape an '@' query in a SQL query?

I am using ActiveRecord (3).

suite_scenarios = Scenario.where(suite_id: suite_id)
tag_pair = ["@regression","@daily_feature"]

tag_pair_scenarios = suite_scenarios.where("metadata LIKE '%#{tag_pair[0]}%'").where("metadata LIKE '%#{tag_pair[1]}%'")
David West

1 Answer

7

Borrowing from this answer explaining how to construct ILIKE queries with placeholder conditions, it seems you can construct your query like this:

suite_scenarios.
  where("metadata LIKE '%' || ? || '%'", tag_pair[0]).
  where("metadata LIKE '%' || ? || '%'", tag_pair[1])

This has the added benefit of protecting you from SQL injection, in case tag_pair comes from user input (form params).

messanjah
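
The tag `@daily_feature` contains `_`, which LIKE treats as a single-character wildcard, and binding the value with `?` does not change that. As an added example (not part of the original answer), this stdlib-only Ruby sketch escapes LIKE wildcards before binding; the helper names, the `!` escape character and the sample rows are assumptions, and `like_match?` is a simplified, case-sensitive model of LIKE used only to show the effect without a database.

```ruby
# Added example: stdlib-only Ruby, no database or gems required.
ESC = "!" # assumed escape character, declared to the database via ESCAPE '!'

# Escape LIKE metacharacters (%, _ and the escape character itself) in one term.
def escape_like(term)
  term.gsub(/[#{Regexp.escape(ESC)}%_]/) { |ch| ESC + ch }
end

# Build arguments for where(sql, *binds): one bound LIKE per term, ANDed.
# `column` is interpolated into SQL, so it must be a trusted, hard-coded name.
def like_all_conditions(column, terms)
  sql = terms.map { "#{column} LIKE ? ESCAPE '#{ESC}'" }.join(" AND ")
  [sql, *terms.map { |t| "%#{escape_like(t)}%" }]
end

# Simplified, case-sensitive model of LIKE matching, for demonstration only.
def like_match?(value, pattern, esc = nil)
  tokens = esc ? pattern.scan(/#{Regexp.escape(esc)}.|./m) : pattern.chars
  body = tokens.map do |t|
    if    t == "%" then ".*"
    elsif t == "_" then "."
    else  Regexp.escape(t[-1]) # literal char, or the char following the escape
    end
  end.join
  Regexp.new("\\A#{body}\\z", Regexp::MULTILINE).match?(value)
end

# Constructed sample rows standing in for the metadata column.
ROWS = ["@regression @daily_feature", "@regression @dailyXfeature"]

# Tags bound as-is: "_" still acts as a wildcard, so both rows match.
def naive_hits(tags)
  ROWS.select { |r| tags.all? { |t| like_match?(r, "%#{t}%") } }
end

# Tags escaped first: only the row with the literal tag matches.
def escaped_hits(tags)
  _sql, *binds = like_all_conditions("metadata", tags)
  ROWS.select { |r| binds.all? { |b| like_match?(r, b, ESC) } }
end

tags = ["@regression", "@daily_feature"]
p like_all_conditions("metadata", tags)
p naive_hits(tags)
p escaped_hits(tags)
# With ActiveRecord: suite_scenarios.where(*like_all_conditions("metadata", tags))
```
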