diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2006-06-01 01:43:20 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2006-06-01 01:43:20 +0000 |
commit | b09d02c9e8523857aa290d0824e1c22a714604ac (patch) | |
tree | 326f2841bfcced993561d2b9b0e692f929bea142 /activerecord/lib/active_record/connection_adapters/abstract/quoting.rb | |
parent | 9fcc0654c37772a3d6884c5d6f7099a39fe88f73 (diff) | |
download | rails-b09d02c9e8523857aa290d0824e1c22a714604ac.tar.gz rails-b09d02c9e8523857aa290d0824e1c22a714604ac.tar.bz2 rails-b09d02c9e8523857aa290d0824e1c22a714604ac.zip |
Records and arrays of records are bound as quoted ids.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4391 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/lib/active_record/connection_adapters/abstract/quoting.rb')
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/quoting.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb index 8d8d085bb1..05beddac75 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb @@ -4,6 +4,9 @@ module ActiveRecord # Quotes the column value to help prevent # {SQL injection attacks}[http://en.wikipedia.org/wiki/SQL_injection]. def quote(value, column = nil) + # records are quoted as their primary key + return value.quoted_id if value.respond_to?(:quoted_id) + case value when String if column && column.type == :binary && column.class.respond_to?(:string_to_binary) |