Solution 1: sanitize_sql
You can also use the instance method to do the same thing.
Solution 2: ActiveRecord::Base.connection.quote
ActiveRecord::Base.connection.quote only escapes the quotes in the query, so it's not a good solution.
Solution 3: sanitize_sql_array
When you use sanitize_sql_array, the output is the same as when you use sanitize_sql.
But you don't need to pass the useless table name as the third parameter anymore.
If we call sanitize_sql_array directly rather than through send, we get the error message
"protected method `sanitize_sql_array' called for ActiveRecord::Base:Class", so we have to use send to avoid this.
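
To show what the array form in Solution 3 buys you, here is a simplified pure-Ruby model of placeholder binding next to plain string interpolation. It is an added example, not code from the original post and not Rails' implementation; `quote_value`, `bind_placeholders`, `interpolate_unsafely` and the sample input are hypothetical names and constructed values.

```ruby
# Simplified model of "?" placeholder binding. Not Rails' own code:
# real adapters also handle dates, booleans, encodings and more.

# Quote one Ruby value as a SQL literal.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  when Array   then value.map { |v| quote_value(v) }.join(", ")
  else
    # Double backslashes and single quotes so the value cannot end the literal.
    escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''")
    "'#{escaped}'"
  end
end

# Replace each "?" in the statement with the quoted form of the next value.
# The statement text and the values travel separately, so a value can never
# be parsed as SQL syntax.
def bind_placeholders(statement, *values)
  expected = statement.count("?")
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind values (#{values.size} for #{expected})"
  end
  remaining = values.dup
  statement.gsub("?") { quote_value(remaining.shift) }
end

# Vulnerable pattern for comparison: the value is spliced into the statement.
def interpolate_unsafely(name)
  "name = '#{name}'"
end

HOSTILE = "x' OR '1'='1" # constructed sample input

if __FILE__ == $PROGRAM_NAME
  puts interpolate_unsafely(HOSTILE)            # condition is rewritten
  puts bind_placeholders("name = ?", HOSTILE)   # value stays one string literal
  puts bind_placeholders("id IN (?) AND deleted_at IS ?", [1, 2, 3], nil)
end
```

With interpolation the quote in the input closes the literal and the rest becomes part of the condition; with binding the same input stays inside a single string literal.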