aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord
diff options
context:
space:
mode:
authoryui-knk <spiketeika@gmail.com>2015-11-07 18:42:28 +0900
committeryui-knk <spiketeika@gmail.com>2015-11-09 21:30:54 +0900
commit49ff2ba2fe5f7598fb19dd1fca75feb981ba2e1d (patch)
treea3ef3565f5f6e3c51efd268c152cfed31b5a08fe /activerecord
parent92bc8cdb0771bf6ffcfb31ef58dba529527b514c (diff)
downloadrails-49ff2ba2fe5f7598fb19dd1fca75feb981ba2e1d.tar.gz
rails-49ff2ba2fe5f7598fb19dd1fca75feb981ba2e1d.tar.bz2
rails-49ff2ba2fe5f7598fb19dd1fca75feb981ba2e1d.zip
Add test cases for `#sanitize_sql_array` with named_bind_variables
And add code examples to `sanitize_sql_for_conditions`, `sanitize_sql_for_assignment`, and `sanitize_sql_array`.
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/lib/active_record/sanitization.rb9
-rw-r--r--activerecord/test/cases/sanitize_test.rb10
2 files changed, 19 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 0c15f45db9..4e89ba4dd1 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -18,6 +18,9 @@ module ActiveRecord
# sanitize_sql_for_conditions(["name=? and group_id=?", "foo'bar", 4])
# # => "name='foo''bar' and group_id=4"
#
+ # sanitize_sql_for_conditions(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
+ # # => "name='foo''bar' and group_id='4'"
+ #
# sanitize_sql_for_conditions(["name='%s' and group_id='%s'", "foo'bar", 4])
# # => "name='foo''bar' and group_id='4'"
#
@@ -40,6 +43,9 @@ module ActiveRecord
# sanitize_sql_for_assignment(["name=? and group_id=?", nil, 4])
# # => "name=NULL and group_id=4"
#
+ # sanitize_sql_for_assignment(["name=:name and group_id=:group_id", name: nil, group_id: 4])
+ # # => "name=NULL and group_id=4"
+ #
# Post.send(:sanitize_sql_for_assignment, { name: nil, group_id: 4 })
# # => "`posts`.`name` = NULL, `posts`.`group_id` = 4"
#
@@ -140,6 +146,9 @@ module ActiveRecord
# sanitize_sql_array(["name=? and group_id=?", "foo'bar", 4])
# # => "name='foo''bar' and group_id=4"
#
+ # sanitize_sql_array(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
+ # # => "name='foo''bar' and group_id=4"
+ #
# sanitize_sql_array(["name='%s' and group_id='%s'", "foo'bar", 4])
# # => "name='foo''bar' and group_id='4'"
def sanitize_sql_array(ary)
diff --git a/activerecord/test/cases/sanitize_test.rb b/activerecord/test/cases/sanitize_test.rb
index 14e392ac30..aa5c04dd06 100644
--- a/activerecord/test/cases/sanitize_test.rb
+++ b/activerecord/test/cases/sanitize_test.rb
@@ -25,6 +25,16 @@ class SanitizeTest < ActiveRecord::TestCase
assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper".mb_chars])
end
+ def test_sanitize_sql_array_handles_named_bind_variables
+ quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")
+ assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi"])
+ assert_equal "name=#{quoted_bambi} AND id=1", Binary.send(:sanitize_sql_array, ["name=:name AND id=:id", name: "Bambi", id: 1])
+
+ quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper")
+ assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi\nand\nThumper"])
+ assert_equal "name=#{quoted_bambi_and_thumper} AND name2=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name AND name2=:name", name: "Bambi\nand\nThumper"])
+ end
+
def test_sanitize_sql_array_handles_relations
david = Author.create!(name: 'David')
david_posts = david.posts.select(:id)