From ede8da4b26bd24aec746dcd8efa864b2e43e075e Mon Sep 17 00:00:00 2001
From: Ryuta Kamizono <kamipo@gmail.com>
Date: Mon, 27 Mar 2017 19:40:54 +0900
Subject: Use `quote` method rather than single quotes to identifiers in SQL

Because identifiers in SQL could include a single quote.

Related #24950, #26784.
---
 .../lib/active_record/connection_adapters/abstract_mysql_adapter.rb     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb')

diff --git a/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb b/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
index c42e80ea2c..183f0f3c1b 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
@@ -694,7 +694,7 @@ module ActiveRecord
             auto_increment: column.auto_increment?
           }
 
-          current_type = select_one("SHOW COLUMNS FROM #{quote_table_name(table_name)} LIKE '#{column_name}'", "SCHEMA")["Type"]
+          current_type = select_one("SHOW COLUMNS FROM #{quote_table_name(table_name)} LIKE #{quote(column_name)}", "SCHEMA")["Type"]
           td = create_table_definition(table_name)
           cd = td.new_column_definition(new_column_name, current_type, options)
           schema_creation.accept(ChangeColumnDefinition.new(cd, column.name))
-- 
cgit v1.2.3