Records and arrays of records are bound as quoted ids.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4391 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

2 files changed, 6 insertions, 3 deletions

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 4d878e6a1d..735c8203aa 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1308,9 +1308,9 @@ module ActiveRecord #:nodoc:
         end
 
         def quote_bound_value(value) #:nodoc:
-          if (value.respond_to?(:map) && !value.is_a?(String))
-            if value.empty?
-              "null"
+          if value.respond_to?(:map) && !value.is_a?(String)
+            if value.respond_to?(:empty?) && value.empty?
+              connection.quote(nil)
             else
               value.map { |v| connection.quote(v) }.join(',')
             end
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index 8d8d085bb1..05beddac75 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -4,6 +4,9 @@ module ActiveRecord
       # Quotes the column value to help prevent
       # {SQL injection attacks}[http://en.wikipedia.org/wiki/SQL_injection].
       def quote(value, column = nil)
+        # records are quoted as their primary key
+        return value.quoted_id if value.respond_to?(:quoted_id)
+
         case value
           when String
             if column && column.type == :binary && column.class.respond_to?(:string_to_binary)