Function to escape queries?

I am writing a raw query and need to escape a variable that the user
can
modify. Similar to :conditions => ["whatever = ?", var]. What function
does this use behind the scenes?

Depending on what you want:

connection#quote

ActiveRecord::Base#quote_value

ActiveRecord::Base#sanitize_sql (which turns ["whatever = ?", var]
into "whatever = 'var'"

Fred