Back in March, J. Smith wrote:
I’ve written a patch for Arel to provide a feature similar to the
ActiveSupport::SafeBuffer class that allows for by-passing some of
Arel’s quoting mechanisms when using, say, String#sql_safe, similar to
At the time, discussion focused on the ability to pass unquoted literals to Arel, which you can already do with Arel.sql. But wouldn’t this also enable a (IMHO) much-needed feature: the ability to safely interpolate strings?
Right now, we have to use either array-substitution or hash-substitution, neither of which is very readable or DRY. I’ve seen many programmers (even those who know better) do interpolations anyway, either absent-mindedly out of habit, or because some clauses (i.e. joins()) don’t support them.
Wouldn’t a SafeBuffer allow global support for safe interpolations in a syntax that everyone already knows? And isn’t that a good thing?