2017/8/28

Running raw SQL in Rails while avoiding SQL injection

Below is an example of an SQL update:

```ruby
old_value = ActiveRecord::Base.sanitize(old_value)
new_value = ActiveRecord::Base.sanitize(new_value)
updated_at = ActiveRecord::Base.sanitize(Time.current)
results = ActiveRecord::Base.connection.execute(
  "update table set field=#{new_value}, updated_at=#{updated_at} where field=#{old_value}"
)
```
