diff options
author | Sean Griffin <sean@thoughtbot.com> | 2014-10-31 09:43:38 -0600 |
---|---|---|
committer | Sean Griffin <sean@thoughtbot.com> | 2014-11-01 15:39:51 -0600 |
commit | 10f75af9330c0694a233b856057d0ee453f19e42 (patch) | |
tree | 8661dfaa9ad99653a9941cd70f31f05cc6e57318 /guides/source/security.md | |
parent | a431df84b5ccf9fe155f71cfd8b441523efde970 (diff) | |
download | rails-10f75af9330c0694a233b856057d0ee453f19e42.tar.gz rails-10f75af9330c0694a233b856057d0ee453f19e42.tar.bz2 rails-10f75af9330c0694a233b856057d0ee453f19e42.zip |
Use bind values for joined tables in where statements
In practical terms, this allows serialized columns and tz aware columns
to be used in wheres that go through joins, where they previously would
not behave correctly. Internally, this removes 1/3 of the cases where we
rely on Arel to perform type casting for us.
There were two non-obvious changes required for this. `update_all` on
relation was merging its bind values with arel's in the wrong order.
Additionally, through associations were assuming there would be no bind
parameters in the preloader (presumably because the where would always
be part of a join)
[Melanie Gilman & Sean Griffin]
Diffstat (limited to 'guides/source/security.md')
0 files changed, 0 insertions, 0 deletions