Added SQL escaping for :limit and :offset in MySQL [Jonathan Wiess]

author: David Heinemeier Hansson <david@loudthinking.com> 2008-06-01 09:15:11 -0700
committer: David Heinemeier Hansson <david@loudthinking.com> 2008-06-01 09:15:11 -0700
commit: 3282bf3b5016f0c9028cfff1012e8c31a13b40b7 (patch)
tree: 164119185308c4838a405a0034f67f924ee7d181 /activerecord/lib/active_record/connection_adapters
parent: 71528b1825ce5184b23d09f923cb72f4073ce8ed (diff)
download: rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.gz
rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.bz2
rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb b/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
index f00a2c8950..653b45021d 100755
--- a/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
@@ -336,10 +336,11 @@ module ActiveRecord
 
       def add_limit_offset!(sql, options) #:nodoc:
         if limit = options[:limit]
+          limit = sanitize_limit(limit)
           unless offset = options[:offset]
             sql << " LIMIT #{limit}"
           else
-            sql << " LIMIT #{offset}, #{limit}"
+            sql << " LIMIT #{offset.to_i}, #{limit}"
           end
         end
       end
author	David Heinemeier Hansson <david@loudthinking.com>	2008-06-01 09:15:11 -0700
committer	David Heinemeier Hansson <david@loudthinking.com>	2008-06-01 09:15:11 -0700
commit	3282bf3b5016f0c9028cfff1012e8c31a13b40b7 (patch)
tree	164119185308c4838a405a0034f67f924ee7d181 /activerecord/lib/active_record/connection_adapters
parent	71528b1825ce5184b23d09f923cb72f4073ce8ed (diff)
download	rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.gz rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.bz2 rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.zip