diff options
author | David Heinemeier Hansson <david@loudthinking.com> | 2004-12-07 10:37:50 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2004-12-07 10:37:50 +0000 |
commit | 3e7d191e6450a3050976c735b0efc11b8a0aee93 (patch) | |
tree | 1d954adc5207f7fcd231fe79e2fde0293e2b1d26 /activerecord/test | |
parent | 5e3eaff5bb00c4d19d9ff2e80d32090e9515fe2c (diff) | |
download | rails-3e7d191e6450a3050976c735b0efc11b8a0aee93.tar.gz rails-3e7d191e6450a3050976c735b0efc11b8a0aee93.tar.bz2 rails-3e7d191e6450a3050976c735b0efc11b8a0aee93.zip |
Added bind-style variable interpolation for the condition arrays that uses the adapter's quote method [Michael Koziarski]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@56 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/test')
-rwxr-xr-x | activerecord/test/finder_test.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/activerecord/test/finder_test.rb b/activerecord/test/finder_test.rb index d369f6b033..b7b4ab589a 100755 --- a/activerecord/test/finder_test.rb +++ b/activerecord/test/finder_test.rb @@ -60,6 +60,13 @@ class FinderTest < Test::Unit::TestCase assert_kind_of Time, Topic.find_first(["id = %d", 1]).written_on end + def test_bind_variables + assert_kind_of Firm, Company.find_first(["name = ?", "37signals"]) + assert_nil Company.find_first(["name = ?", "37signals!"]) + assert_nil Company.find_first(["name = ?", "37signals!' OR 1=1"]) + assert_kind_of Time, Topic.find_first(["id = ?", 1]).written_on + end + def test_string_sanitation assert_equal "something '' 1=1", ActiveRecord::Base.sanitize("something ' 1=1") assert_equal "something select table", ActiveRecord::Base.sanitize("something; select table") |