aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord
diff options
context:
space:
mode:
authorSean Griffin <sean@seantheprogrammer.com>2015-12-14 07:42:32 -0700
committerSean Griffin <sean@seantheprogrammer.com>2015-12-14 07:42:32 -0700
commitef2744dd9431408ea086d67507ab4a6af6cd82c1 (patch)
tree80063277d07121b5f12e0cb1af0ad12a3b262eed /activerecord
parent2dd64a7bbb0cb7b65976cb0516d0f338b099a715 (diff)
parent49ff2ba2fe5f7598fb19dd1fca75feb981ba2e1d (diff)
downloadrails-ef2744dd9431408ea086d67507ab4a6af6cd82c1.tar.gz
rails-ef2744dd9431408ea086d67507ab4a6af6cd82c1.tar.bz2
rails-ef2744dd9431408ea086d67507ab4a6af6cd82c1.zip
Merge pull request #22209 from yui-knk/add_test_sanitize_sql_array_handles_named_bind_variables
Add test cases for `#sanitize_sql_array` with named_bind_variables
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/lib/active_record/sanitization.rb9
-rw-r--r--activerecord/test/cases/sanitize_test.rb10
2 files changed, 19 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 0c15f45db9..4e89ba4dd1 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -18,6 +18,9 @@ module ActiveRecord
# sanitize_sql_for_conditions(["name=? and group_id=?", "foo'bar", 4])
# # => "name='foo''bar' and group_id=4"
#
+ # sanitize_sql_for_conditions(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
+ # # => "name='foo''bar' and group_id='4'"
+ #
# sanitize_sql_for_conditions(["name='%s' and group_id='%s'", "foo'bar", 4])
# # => "name='foo''bar' and group_id='4'"
#
@@ -40,6 +43,9 @@ module ActiveRecord
# sanitize_sql_for_assignment(["name=? and group_id=?", nil, 4])
# # => "name=NULL and group_id=4"
#
+ # sanitize_sql_for_assignment(["name=:name and group_id=:group_id", name: nil, group_id: 4])
+ # # => "name=NULL and group_id=4"
+ #
# Post.send(:sanitize_sql_for_assignment, { name: nil, group_id: 4 })
# # => "`posts`.`name` = NULL, `posts`.`group_id` = 4"
#
@@ -140,6 +146,9 @@ module ActiveRecord
# sanitize_sql_array(["name=? and group_id=?", "foo'bar", 4])
# # => "name='foo''bar' and group_id=4"
#
+ # sanitize_sql_array(["name=:name and group_id=:group_id", name: "foo'bar", group_id: 4])
+ # # => "name='foo''bar' and group_id=4"
+ #
# sanitize_sql_array(["name='%s' and group_id='%s'", "foo'bar", 4])
# # => "name='foo''bar' and group_id='4'"
def sanitize_sql_array(ary)
diff --git a/activerecord/test/cases/sanitize_test.rb b/activerecord/test/cases/sanitize_test.rb
index 07970fb1c1..239f63d27b 100644
--- a/activerecord/test/cases/sanitize_test.rb
+++ b/activerecord/test/cases/sanitize_test.rb
@@ -25,6 +25,16 @@ class SanitizeTest < ActiveRecord::TestCase
assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper".mb_chars])
end
+ def test_sanitize_sql_array_handles_named_bind_variables
+ quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")
+ assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi"])
+ assert_equal "name=#{quoted_bambi} AND id=1", Binary.send(:sanitize_sql_array, ["name=:name AND id=:id", name: "Bambi", id: 1])
+
+ quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper")
+ assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi\nand\nThumper"])
+ assert_equal "name=#{quoted_bambi_and_thumper} AND name2=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name AND name2=:name", name: "Bambi\nand\nThumper"])
+ end
+
def test_sanitize_sql_array_handles_relations
david = Author.create!(name: 'David')
david_posts = david.posts.select(:id)