authorDavid Heinemeier Hansson <david@loudthinking.com>2004-12-07 14:48:53 +0000
committerDavid Heinemeier Hansson <david@loudthinking.com>2004-12-07 14:48:53 +0000
commit49403831fc90a9d0d6955bab2ae6f7833be3c0ba (patch)
tree4765bf694483851dc83b6d9dbaada5caede95a81 /activerecord/lib/active_record/associations
parent8a40c6b52258df9f790fd160104c3ab18e0494e7 (diff)
Fixed value quoting in all generated SQL statements, so that integers are not surrounded by quotes and all sanitization happens through the database's own quoting routine. This should hopefully make it a lot easier for new adapters that don't accept '1' for integer columns.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@70 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/lib/active_record/associations')
-rw-r--r--activerecord/lib/active_record/associations/association_collection.rb2
-rw-r--r--activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb13
-rw-r--r--activerecord/lib/active_record/associations/has_many_association.rb17
3 files changed, 18 insertions, 14 deletions
diff --git a/activerecord/lib/active_record/associations/association_collection.rb b/activerecord/lib/active_record/associations/association_collection.rb
index a60b9ddab5..00758aa66c 100644
--- a/activerecord/lib/active_record/associations/association_collection.rb
+++ b/activerecord/lib/active_record/associations/association_collection.rb
@@ -81,7 +81,7 @@ module ActiveRecord
end
def quoted_record_ids(records)
- records.map { |record| "'#{@association_class.send(:sanitize, record.id)}'" }.join(',')
+ records.map { |record| record.quoted_id }.join(',')
end
def interpolate_sql_options!(options, *keys)
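Review bot: `quoted_record_ids` returns an empty string when `records` is empty, and both `delete_records` callers touched by this commit (in has_and_belongs_to_many_association.rb and has_many_association.rb) interpolate the result into `IN (#{ids})`. That would produce `IN ()`, which most databases reject as a syntax error, unless callers outside these hunks already filter out empty input. I would either guard the callers with `return if records.empty?` or state the contract here with a comment such as `# Returns adapter-quoted ids joined by commas; do not wrap the result in quotes, and skip the query when records is empty.`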
diff --git a/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb b/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb
index 8dec71403c..d53650fbd8 100644
--- a/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb
+++ b/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb
@@ -13,7 +13,7 @@ module ActiveRecord
@finder_sql = options[:finder_sql] ||
"SELECT t.*, j.* FROM #{association_table_name} t, #{@join_table} j " +
"WHERE t.#{@owner.class.primary_key} = j.#{@association_foreign_key} AND " +
- "j.#{association_class_primary_key_name} = '#{@owner.id}' " +
+ "j.#{association_class_primary_key_name} = #{@owner.quoted_id} " +
(options[:conditions] ? " AND " + options[:conditions] : "") + " " +
"ORDER BY #{@order}"
end
@@ -26,11 +26,11 @@ module ActiveRecord
each { |record| @owner.connection.execute(sql) }
elsif @options[:conditions]
sql =
- "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}' " +
+ "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id} " +
"AND #{@association_foreign_key} IN (#{collect { |record| record.id }.join(", ")})"
@owner.connection.execute(sql)
else
- sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}'"
+ sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id}"
@owner.connection.execute(sql)
end
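Review bot: The `IN (...)` list in the `@options[:conditions]` branch still interpolates raw ids with `collect { |record| record.id }.join(", ")`, while the owner id in the same DELETE now goes through `quoted_id`. That leaves one value in this statement outside the adapter's quoting routine, which is at odds with the commit's stated goal of routing all values through it. I would change the line to use `collect { |record| record.quoted_id }.join(", ")`. The enclosing method starts above the hunk, so its first branch is only partly visible.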
@@ -46,7 +46,7 @@ module ActiveRecord
if loaded?
find_all { |record| record.id == association_id.to_i }.first
else
- find_all_records(@finder_sql.sub(/ORDER BY/, "AND j.#{@association_foreign_key} = '#{association_id}' ORDER BY")).first
+ find_all_records(@finder_sql.sub(/ORDER BY/, "AND j.#{@association_foreign_key} = #{@owner.send(:quote, association_id)} ORDER BY")).first
end
end
end
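Review bot: The two branches treat `association_id` differently: the loaded branch compares against `association_id.to_i`, but the SQL branch passes the value unconverted to `@owner.send(:quote, association_id)`. If the id arrives as a string, `quote` presumably emits it as a quoted string literal, which is the `'1'`-for-an-integer-column case this commit sets out to remove. Assuming integer keys, as the loaded branch already does, `@owner.send(:quote, association_id.to_i)` would keep both paths consistent. The method begins outside the hunk.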
@@ -80,7 +80,8 @@ module ActiveRecord
if @options[:insert_sql]
@owner.connection.execute(interpolate_sql(@options[:insert_sql], record))
else
- sql = "INSERT INTO #{@join_table} (#{@association_class_primary_key_name}, #{@association_foreign_key}) VALUES ('#{@owner.id}','#{record.id}')"
+ sql = "INSERT INTO #{@join_table} (#{@association_class_primary_key_name}, #{@association_foreign_key}) " +
+ "VALUES (#{@owner.quoted_id},#{record.quoted_id})"
@owner.connection.execute(sql)
end
end
@@ -98,7 +99,7 @@ module ActiveRecord
records.each { |record| @owner.connection.execute(sql) }
else
ids = quoted_record_ids(records)
- sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = '#{@owner.id}' AND #{@association_foreign_key} IN (#{ids})"
+ sql = "DELETE FROM #{@join_table} WHERE #{@association_class_primary_key_name} = #{@owner.quoted_id} AND #{@association_foreign_key} IN (#{ids})"
@owner.connection.execute(sql)
end
end
diff --git a/activerecord/lib/active_record/associations/has_many_association.rb b/activerecord/lib/active_record/associations/has_many_association.rb
index 0f2d20d240..1d8441e6f8 100644
--- a/activerecord/lib/active_record/associations/has_many_association.rb
+++ b/activerecord/lib/active_record/associations/has_many_association.rb
@@ -8,7 +8,7 @@ module ActiveRecord
if options[:finder_sql]
@finder_sql = interpolate_sql(options[:finder_sql])
else
- @finder_sql = "#{@association_class_primary_key_name} = '#{@owner.id}' #{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
+ @finder_sql = "#{@association_class_primary_key_name} = #{@owner.quoted_id} #{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
end
if options[:counter_sql]
@@ -16,7 +16,7 @@ module ActiveRecord
elsif options[:finder_sql]
@counter_sql = options[:counter_sql] = @finder_sql.gsub(/SELECT (.*) FROM/i, "SELECT COUNT(*) FROM")
else
- @counter_sql = "#{@association_class_primary_key_name} = '#{@owner.id}'#{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
+ @counter_sql = "#{@association_class_primary_key_name} = #{@owner.quoted_id}#{@conditions ? " AND " + interpolate_sql(@conditions) : ""}"
end
end
@@ -40,8 +40,8 @@ module ActiveRecord
@collection.find_all(&block)
else
@association_class.find_all(
- "#{@association_class_primary_key_name} = '#{@owner.id}' " +
- "#{@conditions ? " AND " + @conditions : ""} #{runtime_conditions ? " AND " + @association_class.send(:sanitize_conditions, runtime_conditions) : ""}",
+ "#{@association_class_primary_key_name} = #{@owner.quoted_id}" +
+ "#{@conditions ? " AND " + @conditions : ""}#{runtime_conditions ? " AND " + @association_class.send(:sanitize_conditions, runtime_conditions) : ""}",
orderings,
limit,
joins
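Review bot: `@conditions` is appended here as a raw string, whereas the constructor hunks in this file build `@finder_sql` and `@counter_sql` with `interpolate_sql(@conditions)`; the `find_on_conditions` call in the next hunk follows the same raw pattern. If the association's conditions contain placeholders meant for `interpolate_sql`, they would reach the database uninterpolated on these two paths. This is hedged, because `@conditions` may already be interpolated where it is assigned, which is outside the diff. If it is not, `" AND " + interpolate_sql(@conditions)` would bring both calls in line with the constructor. The enclosing method starts and ends outside the hunk.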
@@ -55,7 +55,7 @@ module ActiveRecord
@collection.find(&block)
else
@association_class.find_on_conditions(association_id,
- "#{@association_class_primary_key_name} = '#{@owner.id}' #{@conditions ? " AND " + @conditions : ""}"
+ "#{@association_class_primary_key_name} = #{@owner.quoted_id}#{@conditions ? " AND " + @conditions : ""}"
)
end
end
@@ -63,7 +63,7 @@ module ActiveRecord
# Removes all records from this association. Returns +self+ so
# method calls may be chained.
def clear
- @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = '#{@owner.id}'")
+ @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = #{@owner.quoted_id}")
@collection = []
self
end
@@ -101,7 +101,10 @@ module ActiveRecord
def delete_records(records)
ids = quoted_record_ids(records)
- @association_class.update_all("#{@association_class_primary_key_name} = NULL", "#{@association_class_primary_key_name} = '#{@owner.id}' AND #{@association_class.primary_key} IN (#{ids})")
+ @association_class.update_all(
+ "#{@association_class_primary_key_name} = NULL",
+ "#{@association_class_primary_key_name} = #{@owner.quoted_id} AND #{@association_class.primary_key} IN (#{ids})"
+ )
end
end
end