I have been searching for a way to properly escape LIKE queries in Ruby on Rails. But all the answers suggest using string interpolation like this:
Post.where("title LIKE ?", "%#{title}%")
Even with Arel, people suggest using string interpolation in the same way.
But this has a caveat. If the query contains a % character it will affect the LIKE expression; that means a query like "20% less" will cause the results to include posts whose title contains anything between "20" and "less", which is not what I want. What I want is to get all posts which contain "20% less" in the title.
I know there is a method called sanitize_sql_like in the ActiveRecord::Sanitization module, but it is a protected method and I cannot call it directly.
I could go to the method source on GitHub and copy the code; it's pretty simple code actually:
pattern = Regexp.union(escape_character, "%", "_")
string.gsub(pattern) { |x| [escape_character, x].join }
But I wonder: if Rails already has it, why write it again?
Is there some way to call the method directly, or any other method to escape LIKE queries in Rails?
PS: Back in the old days in CodeIgniter I used a method called escape_like_str to do exactly this. I refuse to believe Rails doesn't have one.
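The wildcard problem described in the question, as an added example that is not part of the original post and is not Rails' own code. It is plain Ruby with no database: escape_like follows the two lines quoted above, while like_to_regexp, like_match?, search and the sample titles are hypothetical helpers and constructed data, and a backslash escape character is assumed.

```ruby
# Escape LIKE metacharacters, following the two lines quoted in the post.
def escape_like(string, escape_character = "\\")
  pattern = Regexp.union(escape_character, "%", "_")
  string.gsub(pattern) { |x| [escape_character, x].join }
end

# Hypothetical helper: translate a LIKE pattern into a Regexp so the
# matching rules can be observed without a database.
def like_to_regexp(pattern, escape_character = "\\")
  out = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    if c == escape_character && i + 1 < chars.length
      # Escaped character: always matched literally.
      out << Regexp.escape(chars[i + 1])
      i += 2
      next
    end
    piece = case c
            when "%" then ".*"   # any run of characters
            when "_" then "."    # exactly one character
            else Regexp.escape(c)
            end
    out << piece
    i += 1
  end
  Regexp.new("\\A#{out}\\z", Regexp::MULTILINE)
end

def like_match?(value, pattern)
  like_to_regexp(pattern).match?(value)
end

# Constructed sample titles.
TITLES = ["Now 20% less sugar", "20 dollars less", "Save 20%, pay less"].freeze

# Mimics where("title LIKE ?", "%#{term}%") with and without escaping.
def search(titles, term, escape: true)
  needle = escape ? escape_like(term) : term
  titles.select { |t| like_match?(t, "%#{needle}%") }
end

puts "unescaped: #{search(TITLES, '20% less', escape: false).inspect}"
puts "escaped:   #{search(TITLES, '20% less').inspect}"
```

Databases without a default LIKE escape character need an explicit ESCAPE clause in the query for the escaped pattern to behave this way.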