author | Aaron Patterson <aaron.patterson@gmail.com> | 2011-04-13 10:41:12 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-04-14 13:37:39 -0700 |
commit | 8571facea3b51717b3c57c50b2deae5dbf997c6e (patch) | |
tree | 7641f3559c3f5add085c7574f58a4ecc070b0f94 /activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb | |
parent | 4893170da20eee28c016408a0f72f1996343a048 (diff) | |
insert statements are prepared, but values are not escaped properly
Diffstat (limited to 'activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb')
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index 05f0e5ebe1..0884968363 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -544,6 +544,18 @@ module ActiveRecord
 exec_query(sql, name, binds)
 end
 
+ def sql_for_insert(sql, pk, id_value, sequence_name, binds)
+ unless pk
+ _, table = extract_schema_and_table(sql.split(" ", 4)[2])
+
+ pk = primary_key(table)
+ end
+
+ sql = "#{sql} RETURNING #{quote_column_name(pk)}" if pk
+
+ [sql, binds]
+ end
+
 # Executes an UPDATE query and returns the number of affected tuples.
 def update_sql(sql, name = nil)
 super.cmd_tuples |
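Review bot: In `sql_for_insert`, the table name is taken from `sql.split(" ", 4)[2]`, which is only correct when the statement has the exact shape `INSERT INTO <table> ...`. A statement with fewer than three tokens hands nil to `extract_schema_and_table`, and a quoted identifier containing a space (`"my table"`) is cut at the space, so `primary_key` would be looked up for the wrong name. The appended `RETURNING` clause likewise assumes `sql` has no trailing `;` and no `RETURNING` of its own. The primary key itself goes through `quote_column_name`, which is the right call for an identifier. I would document the contract above the method, e.g. `# Expects sql of the form "INSERT INTO <table> ..." with no trailing semicolon or RETURNING clause; id_value and sequence_name are unused here.`, and bail out early when the third token is missing, e.g. `table_ref = sql.split(" ", 4)[2]` followed by `return [sql, binds] unless table_ref`.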