I am writing a raw query and need to escape a variable that the user
can modify. Similar to :conditions => ["whatever = ?", var]. What function does this use behind the scenes?
Depending on what you want:
connection#quote
ActiveRecord::Base#quote_value
ActiveRecord::Base#sanitize_sql (which turns ["whatever = ?", var] into "whatever = 'var'")
Fred
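
What the placeholder form does to a value, as a simplified Ruby model (an added example, not ActiveRecord's source and not part of the original posts). The method names `quote_literal`, `bind_placeholders` and `interpolate_unsafely` are hypothetical, the sample values are constructed, and real adapters quote per database; in an application, call the methods listed in the reply above.

```ruby
# Simplified model of placeholder quoting; NOT ActiveRecord's code.
# All method names below are hypothetical, chosen for this example.

# Render one Ruby value as a SQL literal (assumption: one generic dialect).
def quote_literal(value)
  case value
  when nil     then "NULL"
  when true    then "TRUE"
  when false   then "FALSE"
  when Integer then value.to_s
  when Float
    raise ArgumentError, "non-finite float" unless value.finite?
    value.to_s
  else
    # Double backslashes and single quotes so the value cannot close the
    # literal early, then wrap it in single quotes.
    escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" }
    "'#{escaped}'"
  end
end

# Replace each "?" in the template with a quoted value, in order.
def bind_placeholders(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "#{values.size} bind values for #{expected} placeholders"
  end
  remaining = values.dup
  # One pass over the template only: a "?" inside user data is never
  # treated as a placeholder, because inserted text is not rescanned.
  template.gsub("?") { quote_literal(remaining.shift) }
end

# The pattern to avoid: user input pasted straight into the SQL text.
def interpolate_unsafely(value)
  "whatever = '#{value}'"
end

if __FILE__ == $0
  name = "O'Reilly" # constructed sample input containing a quote
  puts interpolate_unsafely(name)               # quote ends the literal early
  puts bind_placeholders("whatever = ?", name)  # quote is doubled
end
```
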