diff options
Diffstat (limited to 'activerecord/lib')
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 6 | ||||
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/quoting.rb | 3 |
2 files changed, 6 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4d878e6a1d..735c8203aa 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -1308,9 +1308,9 @@ module ActiveRecord #:nodoc: end def quote_bound_value(value) #:nodoc: - if (value.respond_to?(:map) && !value.is_a?(String)) - if value.empty? - "null" + if value.respond_to?(:map) && !value.is_a?(String) + if value.respond_to?(:empty?) && value.empty? + connection.quote(nil) else value.map { |v| connection.quote(v) }.join(',') end diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb index 8d8d085bb1..05beddac75 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb @@ -4,6 +4,9 @@ module ActiveRecord # Quotes the column value to help prevent # {SQL injection attacks}[http://en.wikipedia.org/wiki/SQL_injection]. def quote(value, column = nil) + # records are quoted as their primary key + return value.quoted_id if value.respond_to?(:quoted_id) + case value when String if column && column.type == :binary && column.class.respond_to?(:string_to_binary) |