diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2006-06-01 01:43:20 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2006-06-01 01:43:20 +0000 |
commit | b09d02c9e8523857aa290d0824e1c22a714604ac (patch) | |
tree | 326f2841bfcced993561d2b9b0e692f929bea142 /activerecord/lib | |
parent | 9fcc0654c37772a3d6884c5d6f7099a39fe88f73 (diff) | |
download | rails-b09d02c9e8523857aa290d0824e1c22a714604ac.tar.gz rails-b09d02c9e8523857aa290d0824e1c22a714604ac.tar.bz2 rails-b09d02c9e8523857aa290d0824e1c22a714604ac.zip |
Records and arrays of records are bound as quoted ids.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4391 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/lib')
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 6 | ||||
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/quoting.rb | 3 |
2 files changed, 6 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4d878e6a1d..735c8203aa 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -1308,9 +1308,9 @@ module ActiveRecord #:nodoc: end def quote_bound_value(value) #:nodoc: - if (value.respond_to?(:map) && !value.is_a?(String)) - if value.empty? - "null" + if value.respond_to?(:map) && !value.is_a?(String) + if value.respond_to?(:empty?) && value.empty? + connection.quote(nil) else value.map { |v| connection.quote(v) }.join(',') end diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb index 8d8d085bb1..05beddac75 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb @@ -4,6 +4,9 @@ module ActiveRecord # Quotes the column value to help prevent # {SQL injection attacks}[http://en.wikipedia.org/wiki/SQL_injection]. def quote(value, column = nil) + # records are quoted as their primary key + return value.quoted_id if value.respond_to?(:quoted_id) + case value when String if column && column.type == :binary && column.class.respond_to?(:string_to_binary) |