authorDavid Heinemeier Hansson <david@loudthinking.com>2008-05-31 16:57:46 -0700
committerDavid Heinemeier Hansson <david@loudthinking.com>2008-05-31 16:57:46 -0700
commitef0ea782b1f5cf7b08e74ea3002a16c708f66645 (patch)
treee5bafb8aacf682d2df36d598a14ae1f623c5a258 /activerecord/lib/active_record
parenta6e79083273dfb1a62aa8ff02db07454c65729ff (diff)
Added SQL escaping for :limit and :offset [#288 state:closed] (Aaron Bedra, Steven Bristol, Jonathan Wiess)
Diffstat (limited to 'activerecord/lib/active_record')
-rw-r--r--activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
index 16d405d3bd..5358491cde 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
@@ -106,11 +106,16 @@ module ActiveRecord
# SELECT * FROM suppliers LIMIT 10 OFFSET 50
def add_limit_offset!(sql, options)
if limit = options[:limit]
- sql << " LIMIT #{limit}"
+ sql << " LIMIT #{sanitize_limit(limit)}"
if offset = options[:offset]
- sql << " OFFSET #{offset}"
+ sql << " OFFSET #{offset.to_i}"
end
end
+ sql
+ end
+
+ def sanitize_limit(limit)
+ limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
end
# Appends a locking clause to an SQL statement.
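Review bot: In the new `sanitize_limit`, the comma check is made on `limit.to_s` but `split` is then called on `limit` itself, so a non-String value whose string form contains a comma raises NoMethodError instead of being coerced; both branches should work on the string form, `limit.to_s[/,/] ? limit.to_s.split(',').map { |i| i.to_i }.join(',') : limit.to_i`. The `to_i` coercion does close the interpolation hole this commit targets, since any non-numeric tail is dropped, but it also means a malformed value quietly becomes `LIMIT 0` rather than an error, and the comma branch appears intended to keep the two-number `LIMIT a,b` form some databases accept, so the method deserves a comment stating that, e.g. `# Coerces :limit to integer(s) before interpolation into SQL; a comma-separated pair is kept as two integers.`. `sanitize_limit` is also added as a public method with no `private` marker visible in the hunk; confirm whether it is meant to be part of the adapter's public surface. The enclosing module continues outside the hunk.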